What is a SAS 70? Who Needs a SAS 70?

Posted on

This blog is a re-posting from June 2009

A SAS 70 audit report assesses the design and operating effectiveness of a service organization’s controls.  A Type I SAS 70 only assesses the design of controls.  A Type II SAS 70 assesses both the design and operating effectiveness of controls.

Consider the following scenario – Your company provides a service that may materially affect your customer’s financial statements.  Naturally, your customers, your customer’s auditors, and your potential future customers want to make sure their financial information is accurate, complete, and recorded properly.  As such, each of these parties requests to inquire or audit your processes and systems.  What a nightmare, right?

Well, that is where a SAS 70 comes in.  Since the SAS 70 audit report assesses the design and operating effectiveness of a service organization’s controls, the audit report can be provided to customers as evidence of the effectiveness of your controls.  You may not want to provide the report to potential future customers, but letting them know that you received a clean SAS 70 audit report would certainly provide them some comfort regarding your operations.

So what type of organization would need or even want a SAS 70?  Usually the following organizations would consider obtaining a SAS 70: payroll service providers, claims processors, benefits administrators, third party administrators, clearinghouses, transfer agents, trust administrators, data centers, application service providers (ASPs), and outsourced IT departments.

Here is a pretty good link that provides some more details.

Have your customers requested assurance that your processes and systems are controlled?  
Do you feel comfortable that the business processes and IT processes you have in place are controlled to prevent/detect unnecessary mistakes, unauthorized transactions, unauthorized modifications to data, and fraudulent activity?


The information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.


About the Author

Keiter CPAs is a certified public accounting firm serving the audittax, accounting and consulting needs of businesses and their owners located in Richmond and across Virginia. We focus on serving emerging growth businesses and companies in the financial servicesconstructionreal estatemanufacturingretail & distribution industries and nonprofits. We also provide business valuations and forensic accounting servicesfamily office services, and inbound international services.

More Insights from Keiter CPAs

Contact

How Can We Help You and Your Business?

Innsbrook Corporate Center
4401 Dominion Boulevard
Glen Allen, Virginia 23060

804.747.0000 or 804.273.6200

Directions