Posted by: Charles Denyer
From a regulatory compliance and corporate governance perspective, SAS 70 Type I and SAS 70 Type II audits are having a deep impact on many organizations. They can be costly and time consuming if not undertaken in a proactive, efficient manner. If you are a service organization falling under the regulatory compliance microscope, then SAS 70 audits are probably on your radar screen. What’s important to note is that with any audit process, you should have in place a structured, proven methodology for completing the SAS 70 audit. But where do you start? With SAS 70 readiness questionnaire forms and templates, which help guide you and your organization in fulfilling the demanding requirements set forth by this type of audit.
SAS 70 readiness questionnaire forms and templates help organizations understand the scope of the audit, what information will be needed for the SAS 70 audit, along with assisting the service organization in identifying any weaknesses or deficiencies in their internal controls.
Moreover, if your organization needs specific SAS 70 readiness questionnaire templates for a particular business process because of audit demands, this helps you prepare even more for the audit. For example, if you are a data center and conduct managed services for clients, then a SAS 70 readiness questionnaire specific to managed services can be utilized. If you are a third party administrator (TPA), you can use a SAS 70 readiness questionnaire that discusses plan administration, billing & eligibility and other notable TPA requirements. In essence, the more you can uncover with a SAS 70 readiness questionnaire, the more prepared you will be for the SAS 70 Type I or Type II audit.
- Organization and Administration for Executive Tone
- Human Resources
- Systems Development Life Cycle
- Incident Management
- Change Management
- Emergency Change Management
- Logical Security
- Network Security
- Physical Security
- Environmental Security
- Computer Operations
- Business Continuity and Disaster Recovery Planning (BCDRP): This is optional, as the SAS 70 auditing standard states that plans are not control objectives. However, in today’s I.T. and compliance world, it would be wise to include it in the scope of the audit.