A Certified Public Accounting firm

SAS 70 Reports

What is SAS 70?

Statement on Auditing Standards No. 70 (SAS 70) is the standard promulgated by the American Institute of Certified Public Accounts (AICPA) for examination and use of an audit of the internal controls of a service organization. SAS 70 reports are often requested by a service provider’s clients and their auditors when the services provided are significant to the client ’s financial statements, transactions or business processes and therefore form part of the control environment of the client. A SAS 70 report contains a description of the processes and controls that a service provider performs and an audit opinion.

Sarbanes-Oxley for Service Organizations

Many service organizations who provide services to publicly traded companies now find that they are asked to provide a SAS 70 report or else be subject to the public companies’ internal auditors and external auditors individually visiting and auditing them.  Why?  The Sarbanes-Oxley Act of 2002 (SOX) has placed requirements on public companies to document, evaluate and assert to the effectiveness of their internal controls over financial reporting, included the information technology environment which supports it.  Service organizations often perform part of the processes and controls of the company and therefore become a subject of the internal control audit process. The SAS 70 report provides the company’s auditor with the necessary information to evaluate the controls provided by the service organization without having to audit the service provider themselves.

Types of SAS 70 reports

There are two types of service auditor reports: Type 1 and Type 2, which have a different basis for the auditor’s opinion (see table below). Since a Type 1 report does not include an opinion on the operating effectiveness of controls (i.e. controls placed in operation are performing as expected based on testing), a Type 2 report is required most often by user organizations and their auditors. 



Why Sanders Consulting?

CPA
A SAS 70 report  and opinion can only be provided by a licensed CPA firm

Internal controls experience
We have many years of experience with Sarbanes-Oxley  compliance,  Internal audit, and SAS 70 preparation and audit

Understanding your clients’ perspective
We’ve requested and used SAS 70 reports for clients subject to SOX.  We know how they are used and what auditors look for in the report

Technical expertise
We aren’t just accountants and auditors, but also understand business processes and technology 

Contact us for more information about SAS 70

Content copyright . Sanders Consulting, LLC. All rights reserved.
Photos courtesy of DIGITALSOLUTIONPRO.com