Risks to the Service Organization

Posted by on May 20, 2010 in Blog | 0 comments

What Risks Should be Covered in a SAS 70 Audit? A SAS 70 audit should address “[a]ll of the major aspects of the processing that may be relevant to the user auditors in assessing the risks of material [financial statement] misstatement” (AICPA, 2009 SAS 70 Audit Guide 4.13).  This means addressing the risks associated with processing.  For example, a service organization may print...

Read More

Audit Sampling for SAS 70 Audit Examinations

Posted by on May 10, 2010 in Blog | 0 comments

“Audit sampling is the application of an audit procedure to less than 100 percent of the items …for the purpose of evaluating some characteristic…” (AICPA, Audit Sampling Guide 2.19). Audit sampling is used in the context of a SAS 70 audit as a basis to form a conclusion on the operating effectiveness of controls for a Type II report.  A walkthrough is generally considered...

Read More

Non-CPA Organizations Performing SAS 70 Audits

Posted by on Apr 24, 2010 in Blog | 0 comments

Question One: Can non-CPA organizations perform SAS 70 audits? Answer: No. Question Two: Can non-CPA organizations partner with CPA firms to perform SAS 70 audits? Answer: No. If you think otherwise, contact any member of the AICPA SAS 70 Task Force (Hint: their names are in the SAS 70 Audit Guide). Any one of them would be more than happy to take down your information and have a dialogue with...

Read More

SAS 70 Out (Soon), SSAE 16 In

Posted by on Apr 15, 2010 in Blog | 2 comments

Did you know SAS 70 Standard is Changing? In an effort to clarify standards and converge with international standards, changes to SAS 70 requirements have been  made by the AICPA. The new standard is Statements on Standards for Attestation Engagements (SSAE) 16 or SSAE 16. These changes, which affect the service organization and the service auditors completing the SSAE 16 engagement, will be...

Read More