SAS 70 Overview
Our dedicated SAS 70 team delivers Type I and Type II audits that meet the highest levels of user scrutiny and satisfy all service organization, user organization, and user auditor requirements.
SAS 70 and its successor standard, SSAE 16, are audit standards maintained by the American Institute of Certified Public Accountants that provide service organizations across a variety of industries a mechanism to define the set of internal control objectives that are important to their customers’ and their customers’ auditors and have an independent assessment of the internal controls supporting those control objectives completed that can provide customers assurance on the design and operational effectiveness of those controls.
We provide the following services:
- SAS 70 (and SSAE 16) Type I Examinations: We will express an opinion on whether the service organization’s description of its controls presents fairly, in all material respects, the relevant aspects of the service organization’s controls that had been placed in operation as of a specific date, and whether the controls were suitably designed to achieve specified control objectives.
- SAS 70 (and SSAE 16) Type II Examinations: We will provide all activities noted in the Type I description. In addition, we will express an opinion on whether the controls that were tested were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the control objectives were achieved during the period specified.
- Audit Readiness Services: We can help larger service organizations prepare for a SAS 70 audit by assessing their preparedness and identify controls that should be implemented prior to an audit. However, we believe that in most cases, audit readiness services are an unnecessary expense and your budget is more effectively spent on a SAS 70 Type I audit as readiness services (or “pre-assesment” services as they are often known) do not produce a formal report appropriate for sharing with customers.
The quality of a SAS 70 or SSAE 16 report is of critical importance. Terms like “SAS 70 compliance” and “SAS 70 certification” are inherently inaccurate as they indicate having a SAS 70 report in and of itself is sufficient to customers and potential customers. In fact, quite the opposite is true. A poorly prepared audit report may not cover everything that is required in order for them to maintain effective internal controls, thus rendering the report unusable. At Linford & Company, our experience helps service providers cover everything they need to and nothing they don’t leading to the most effective and reliable reports at minimum cost and disruption.
Quality in Reporting
Linford & Company SAS 70 reports are relied on by some of the world's largest user organizations including numerous top five investment banks, top five commercial banks, and top five health insurance companies, just to name a few.
Contact Us
Have questions or want to discuss details, timing, or pricing related to your SAS 70 project?
 |
Phone: +1 (720) 330-7202 Email: info@linfordco.com or visit the Contact Us page |