SAS 70 Type I and SAS 70 Type II audits are fast becoming a mainstay in today’s regulatory compliance environment. If your organization is seeking to become SAS 70 Type I or SAS 70 Type II compliant in the near future, then here are some helpful tips in adequately preparing for all aspects of the audit.
1. Requirements-Do you need a SAS 70 Type I or SAS 70 Type II audit?
2. What is the scope of the audit? What business lines, services, and operations have to be covered in the SAS 70 audit. Are their specific demands that need to be within the audit that somebody is asking for?
3. Pricing-Always obtain three (3) quotes and get a “fixed fee” for the audit, that is, the entire audit, including travel and all out of pocket expenses, are included within the fixed fee.
4. Testing period-If moving forward with a SAS 70 Type II audit, what is the test period going to be (note: test periods are traditionally 6 or 10 months long-you will have to identify this with the CPA firm that will be conducting the SAS 70 audit)
5. SAS 70 Readiness-Make sure you conduct a Readiness Assessment before moving forward with the audit. It will prove invaluable in understanding your control environment.