Profile: Charles Denyer
If your organization needs to embark on SAS 70 Type I or Type II compliance, here’s what you need to know about getting a fair, equitable fee from a CPA firm that proposes on the audit.
- Discuss what the scope of the audit will be, that is, is it a general controls audit or does the SAS 70 Type I or Type II audit proposal include provisions for examining specific business processes. This is vitally important because the organization requiring you to be SAS 70 compliant may very well have special provisions for the audit. Talk to your clients and communicate this with CPA firms giving you a proposal.
- Determine the testing time period of the audit, if a SAS 70 Type II is being conducted. Generally speaking, the longer the test period, the more testing will be done, thus the audit will be more costly. See if a six (6) month testing period will suffice for your client’s demands.
- Once you have determined scope, make sure to discuss where and when testing will take place. The more physical locations the auditors have to visit, then the more costly the audit will be. You may be able to test for the audit at one central location, so be sure to come to an agreement on this early.
- Make sure the proposal is a fixed fee. In today’s economy with rising gas, food, and transportation costs, any non-audit, out of pocket fees can become quite costly. A fixed fee will help mitigate some of these unknown, variable costs.