Sep 20 2008 2:23PM GMT
Posted by: Charles Denyer
As a SAS70 auditor, I’m often asked about how organizations should prepare for a SAS70 audit. In fact, companies and organizations alike commonly ask me for a SAS70 checklist. I simply reply by asking: a checklist for what? On how to prepare for the audit, on what the audit scope is, etc.? You see, the phrase SAS70 checklist is just too broad and vague.
What organizations really need to do to prepare for a SAS70 audit is conduct a SAS70 Readiness Assessment, which covers a broad range of topics and subject matter for a SAS70 Type I or SAS70 Type II audit. In fact, a SAS70 Readiness Assessment will help your organization truly understand what a SAS70 audit is and how an organization actually undertakes this type of audit, along with other essential activities. Here’s an example of the core functional areas that a SAS70 Readiness Assessment would cover within an organization. Please keep in mind that this is a general reference and that scope can change based on the SAS70 audit itself. But by and large, any reputable CPA firm helping you with a SAS70 Readiness Assessment will almost surely include these areas:
* Organization and Administration-Executive Tone & Human Resources
* Incident Management
* Change Management
* Logical Security
* Network Security
* Physical Security
* Environmental Security
* Computer Operations
* Business Continuity and Disaster Recovery Planning (BCDRP)
To learn more about SAS70 audits, visit the official SAS70 Resource Guide, where you can receive a sample SAS70 audit report.
Aug 27 2008 12:05PM GMT
Posted by: Charles Denyer
The tremendous growth of SAS 70 audits has been felt in many industries, requiring service providers (commonly known as service organizations in the SAS 70 world) to undergo an annual SAS 70 Type II audit. If your organization is new to the SAS 70 audit process, here are some helpful tips for ensuring you find the right firm and a fair fee, along with other important considerations and factors regarding Statement on Auditing Standards No. 70.
1. Find a firm that specializes in SAS 70 audits. This is not too terribly difficult, as there are many firms out there providing services for this specialized audit.
2. Make sure the firm has industry experience, not just general SAS 70 experience. Sounds easy, but it would be wise to pick a firm that has conducted SAS 70 audits in your industry and thus has a working knowledge of your operations and what to expect.
3. Define the scope EARLY. Make sure your organization and the CPA firm conducting the SAS 70 audit come to an understanding very early on regarding the scope of the audit. Too small a scope and the SAS 70 audit may have little value. Too large a scope and you may be spending more time, money, and effort than is needed.
4. Get a fixed fee for the audit. That’s right, make sure the proposal you receive is fixed, meaning it includes all out-of-pocket, travel-related expenses. A non-fixed fee proposal will likely tack on an additional 20% for out-of-pocket fees.
5. Ask for templates and questionnaires so you can conduct your own SAS 70 Readiness Assessment. Many CPA firms charge for this service, but some firms are willing to give you the templates free of charge. It’s a great tool for audit preparedness and for completing the SAS 70 audit successfully.
To learn more about Statement on Auditing Standards No. 70 or to receive a sample SAS 70 report, visit the official SAS 70 Resource Guide.
Jul 21 2008 6:23PM GMT
Posted by: Charles Denyer
SAS70 Type I & Type II audits can be daunting indeed to many service organizations, but they shouldn’t be. The more you learn about what SAS70 is, the better prepared you will be for going through a SAS70 audit. Let’s start with the basics: educate yourself on what SAS70 Type I & Type II audits are and what the differences are.
Furthermore, obtain SAS70 sample reports electronically to see what a final SAS70 service auditor’s report actually looks like. Additionally, learn about the step-by-step process for undertaking a SAS70 audit. There are many different stages, activities, and deliverables that make up a SAS70 audit, so it’s a good idea to educate yourself on what they are, when they occur, what to expect, and what the commitment is from your organization in terms of manpower and resources.
Beginning with a SAS 70 readiness questionnaire assessment, then culminating with the delivery of the actual service auditor’s report, you need to learn firsthand what’s involved for this type of an audit.
You can also learn more by visiting the official SAS70 resource guide, where a wealth of information is available, such as white papers on SAS70 along with current industry news affecting the auditing standard itself.
Jul 18 2008 1:55AM GMT
Posted by: Charles Denyer
You can obtain SAS70 sample reports if you are interested in learning more about the SAS70 auditing standard. Many service organizations have to go through a SAS70 audit and would like to learn more about the auditing standard. Thus, a SAS70 Type II example report, which can be obtained from the official SAS70 Resource Guide, will give readers an in-depth understanding of the inner workings of a SAS70 audit, along with providing an excellent example of what the contents of a report are.
SAS 70 sample reports can also help better educate your organization on the auditing standard, ultimately giving you more knowledge and understanding of the audit when you begin the selection process of finding a CPA provider to conduct the SAS70 Type I or Type II audit for your organization.
Additionally, current white papers, along with various information on relevant industry news, are also available for learning more about both Type I and Type II SAS70 audits. Current industries being heavily affected by the SAS70 auditing standard are financial services, information, and health care. The past decade has seen numerous federal laws and legislation implemented that have placed a large emphasis on security, privacy, and an organization’s overall control environment. What’s more, SAS70 audits have quickly become the default tool used to ensure service organizations are in compliance with these ever-expanding regulatory compliance laws.
Jul 13 2008 10:15PM GMT
Posted by: Charles Denyer
A SAS70 report can be a daunting undertaking for many service organizations that have never gone through an audit of this type. Developed in 1992 by the American Institute of Certified Public Accountants (AICPA), SAS70 Type I and Type II audits are used for examining a service organization’s control environment.
Many companies often ask me what the end deliverable report looks like. Because of the loose flexibility of the auditing standard, I have to caution them that no two reports from different CPA firms for a SAS 70 audit will ever look alike. This is largely based on the fact that the presentation of the audit findings allows CPA firms to illustrate it in any number of ways. However, even with that said, there should be some fundamental topics and areas that need to be included in almost any SAS 70 Type II audit. A good reference would be to examine the SAS70 audit & overview presentation tutorial, which gives readers an excellent example of what SAS70 is and what’s in a report.
Additionally, visit the SAS70 resource guide where you can receive SAS70 sample reports for educational viewing.
Jul 11 2008 3:50AM GMT
Posted by: Charles Denyer
SAS 70 audits have become a way of life for many in today’s ever-growing regulatory compliance world. From financial services to healthcare and I.T., no industry is safe from the large and expanding compliance mandates being pushed out of Congress. Notable legislation, such as HIPAA, GLBA, and Sarbanes-Oxley, has had a profound impact on many of today’s businesses.
Though SAS 70 audits are a considerable time and expense proposition for many service organizations, there are many positive attributes that can be taken from these audits. Most importantly, they help you identify weaknesses within your internal control structure. Second, they are a great marketing tool for attracting new business for your organization. And third, they help satisfy the growing compliance demands set forth by industry regulations that are being pushed on your organization by your clients’ auditors.
But before you can reap the benefits of SAS 70 audits, you need to learn about the auditing standard and what SAS 70 is. Visit the official SAS 70 resource guide, where you can obtain SAS 70 sample reports for free and read up on current industry news and how SAS 70 audits are affecting various business segments in today’s economy.
Jul 9 2008 2:27AM GMT
Posted by: Charles Denyer
The SAS70 audit guide is a series of reports that will help educate individuals on this widely used auditing standard that was developed in 1992. Section 1.0 gives readers a brief history of SAS 70 audits.
What’s important to note about the auditing standard is that its main purpose is to examine an organization’s internal controls or control environment. The auditing standard gained much traction within the last five years due to the passage of the Sarbanes-Oxley Act, simply known as SOX to many. At the time of the passing, no one probably knew the implications that Section 404 of the SOX Act would have on SAS 70 audits. Needless to say, it has been extremely significant. Other regulatory legislation, such as HIPAA and GLBA, has also contributed to the rise of the auditing standard.
To learn more about SAS 70 audits, visit the official resource guide, where current white papers on the auditing standard can be read, along with SAS 70 pricing and the ability to obtain SAS 70 sample reports for educational purposes.