What is SAS-70?
In 1992 the American Institute of Certified Public Accountants (AICPA) developed the Statement on Auditing Standards Number 70 (SAS-70) for evaluating service organizations. The SAS-70 report is an in depth assessment of a service organization's controls, safeguards and activities which is performed by an independent auditor.
|Why is a SAS-70 Type II audit important?
|Single Point In Time Audit
A SAS-70 Type I audit is a written opinion by an independent auditor stating whether or not a service organization is accurate in the description of its processes and controls and whether or not those stated controls are efficient in meeting their objectives on a given date.
|Time Based Auditing
SAS-70 Type II audits combine elements of a Type I audit with the results of extensive testing over a defined period of time (at least 6 months) to determine how effectively the processes and controls are achieved.
What types of companies should undergo SAS-70 audits?
SAS-70 audits are beneficial to any service organization which provides outsourced services to another organization. These audits are especially important to service organizations whos offerings are considered mission critical. It is often the case when a user organization is being evaluated or undergoing its own internal audits, the user auditor will require the service organization to turn in a SAS-70 report generated by the service organization's auditor.
Why does Net Access Corp. (NAC) undergo a SAS-70 Type II audit?
The Senior Management of Net Access Corporation chose to perform an annual SAS-70 audit because it ensures that both the policies and procedures (controls) that the deparment managers have put in place, meet or exceed the generally accepted best practices of the industry, and that these controls are being tested on a regular basis. The audit process affords them an extremely detailed view into the day-to-day operations of the business, which helps them to identify and rectify any weakness in controls. As the data used to complete the SAS-70 Type II audit comes from data collected over a period of time it ensures that every employee is following every policy to the letter every time. Regular auditing ensures no employee is taking short cuts which may jeopardize the security or stability of the service environment.