The Software as a Service (SaaS) industry and SAS 70 audits actually have quite a bit in common. First and foremost, both the SAS 70 auditing standard and the SaaS industry have seen explosive growth in the past five years, thanks in large part to regulatory compliance and the advent of technology. Second, from a compliance standpoint, SaaS providers are increasingly being required to be SAS 70 Type II compliant.
The sheer nature of the SaaS industry has forced the SAS 70 auditing standard’s requirement onto many SaaS providers. What’s more, what may have been perceived as a market edge, a compliance luxury, the SAS 70 audit is now a must have for SaaS providers, or lose potential clients and future prospects.
If you are an organization falling under the SaaS industry label, there are a few helpful things you can do to get ready for a SAS 70 audit:
1. Find a firm that truly understands the SaaS industry-it can be complicated due to the nature of the industry itself.
2. Fina a firm that will give you a fixed fee for the audits. That’s right, no need to pay additional out of pocket expenses to the auditor. Most reputable firms are now moving towards the fixed fee mentality, so your checkbook should too.
3. Make sure you define the scope early with the CPA firm doing the audit. The SaaS industry has many providers and outsourcing entities that could potentially be in scope for the audit of your company. From data centers to external, third party managed providers of security, you and the CPA firm need to nail down who and what is included in the scope. This will have a sizable impact on the time, fees, and man hours needed to complete the audit.