After years of working with the SAS 70 auditing standard, there comes a time when I need to clarify and hand out helpful advice to service organizations that will soon be undertaking an actual SAS 70 audit. So, let’s discuss some important issues for making sure you achieve SAS 70 Type II compliance in a cost-effective and timely manner.
1. Get a FIXED FEE for the audit. Hire a firm that gives you one price for all activities associated with the audit.
2. DO conduct a SAS 70 Readiness Assessment. This is vital to the audit: it helps frame the scope of the audit and gives your organization time to correct any gaps or weaknesses found. A good, reputable CPA firm will offer this service, many times as part of the entire fixed fee.
3. DO ask how the firm you have hired conducts testing. That is, how do they conduct sampling, what is their method for determining an “exception” to the audit process, etc. In short, communicate frequently and ask the right questions.
If you want to learn more about SAS 70 audits, then visit the official SAS 70 Resource Guide.