SAS70 Auditing has become a staple in today’s growing regulatory compliance world. As such, I have put together a list of questions and answers for SAS70 issues that are commonly asked to me:
1. How much does a SAS70 audit cost?
That depends on a number of issues, such as the scope of the audit, are you required to be SAS70 Type I or Type II compliant. Have you ever had a SAS70 audit conducted before on your organization. However, do remember this. Get a FIXED FEE for the audit, that is, make sure all out of pocket, travel expenses are included in the FIXED FEE.
2. We have never had a SAS70 audit done before, what and where is the best place to start?
Start with a SAS70 Readiness Assessment-A series of highly customized questionnaires that help guide and facilitate the overall SAS70 audit process for your organization. You don’t go from first to third without a pit stop at second. The same theory holds true for SAS70 audits-don’t jump right into a SAS70 Type I or Type II without conducting preliminary work and analysis on your controls, your manpower, and the overall audit process. Get a SAS70 Readiness Assessment done-it will prove invaluable. You can even obtain free SAS70 Readiness Assessment questionnaires from the official SAS70 Resource Guide, developed by NDB Accountants and Consultants.
3. Can you fail a SAS70 audit? Technically, you can be given a “qualified” or adverse opinion on the audit. However, if you go through a SAS70 Readiness Assessment, learn from the deficiencies you have found, your organization should be able to successfully get a clean, “unqualified” SAS70 opinion.
Want to learn more about SAS70 audits, then ask for a complimentary SAS70 Type II audit report. You will learn much about the auditing standard from this report.