Regulatory Compliance, Governance and Security

Jan 7 2010   1:21AM GMT

SAS 70 Audit & Compliance | Is a Type I Needed before a Type II?



Posted by: Charles Denyer
Tags:
sas 70 audit compliance
sas 70 resource guide
sas 70 type ii
Statement on Auditing Standards No. 70
type i

As a SAS 70 Auditor, I’m often asked if a SAS 70 Type I is needed before conducting a SAS 70 Type II? The answer, YES and NO!

Yes, in that if an organization has never gone through a SAS 70 audit, has time to conduct a Type I audit, or has “cold feet” about going right into a SAS 70 Type II, which can be an extensive undertaking for any organization not familiar with Statement on Auditing Standards No. 70.

As for the NO answer. Well, if organizations have a compelling regulatory requirement to obtain SAS 70 Type II compliance, then you know the answer. Also, if an organization is continuing to roll forward every year with a Type II, then obviously, one would never go back to do a Type I, unless it was on a completely different business line (but that is a whole different topic to discuss at a later time).

As an auditor, my advice is to “crawl” before you “walk”, that is, get your feet wet and become acquainted with the SAS 70 process by conducting a Type I audit first and foremost-if you CAN.

Want to learn more about SAS 70 audits, then visit the official SAS 70 Resource Guide.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: