Changes to SAS 70 Auditing Standard

Posted on 06.03.10

*Due to constantly changing regulations, please consult your tax and accounting professional for the most up to date information on this and any topic that you research online.

SAS 70 is an auditing standard put forth by the AICPA that is utilized by auditors for examining internal controls in service organizations. Service organizations include: business process outsourcing (payroll, general accounting), data centers, outsourced IT functions, software providers, claim processors, benefit plan administrators, trust administrators, investment advisors, and billing and collections companies.

As part of its project to converge with International Auditing and Assurance Standards Board (IAASB) standards, the AICPA issued SSAE No. 16, which will be effective for reporting periods on or after June 15, 2010.

The new standards include a number of changes for both auditors and companies obtaining SAS 70 audit reports. Two changes that service organizations should be aware of include:

-       The auditor will be required to document the criteria used when auditing a service providers internal controls.
-       The company will be required to provide a written assertion on the subject matter of the engagement.

If you are a service provider with questions on internal control reports or SAS 70 reports, please feel free to contact you Keiter Tax partner.