Regulatory Compliance, Governance and Security

Apr 30 2009   3:13PM GMT

SAS 70 Compliance | A Step-by-Step Process for SAS 70 Type I and Type II Audits



Posted by: Charles Denyer

SAS 70 compliance is a multi-phased, process-based methodology undertaken by organizations seeking to become SAS 70 Type I or Type II compliant. As a SAS 70 auditor, I’m often asked what the SAS 70 audit process is, how long it takes, and what “bumps” in the road can occur. Listed below are the major activities that must be carried out to ensure your organization is on the right path to SAS 70 compliance.

1. Choose a CPA firm that provides SAS 70 services on a fixed-fee basis, not an hourly basis.
2. Identify the SAS 70 audit that must be undertaken: either a Type I or a Type II audit.
3. If a Type II audit is your goal, identify the “test period” for the audit.
4. Discuss the scope of the audit, that is, what “business processes” are being covered and what physical locations will have to be a part of the testing process.
5. Begin a SAS 70 Readiness Assessment phase. This helps further identify the scope of the audit along with highlighting any weaknesses in your control environment.
6. If necessary, conduct remediation activities that were identified during the SAS 70 Readiness Assessment.
7. Once the above phases are complete, start to discuss fieldwork testing and the collection of documents that the auditor will need to help facilitate the audit.
8. Ask the auditor for a list of items that will need to be collected prior to the audit fieldwork.
9. Plan and prepare accordingly with the auditors for fieldwork.
10. Once fieldwork is complete, findings should be reported to you from the auditing firm, allowing you to give answers to any exceptions found during testing.
11. The report is then drafted, followed by a final closing meeting to discuss the report and findings.

Visit the official SAS 70 Resource guide to learn more about SAS 70 compliance.
