Dec 30 2008 2:19PM GMT
Posted by: Charles Denyer
If your organization is seeking to become SAS 70 Type I or SAS 70 Type II compliant for 2009, then it’s time to roll up your sleeves and learn all you can about what a SAS 70 audit actually is, along with many of its inner workings. And why? Knowledge is power. The more information you have about what a SAS 70 audit truly is, the more informed you are about issues for the audit, such as scope, pricing, and testing of controls, just to name a few. Think all SAS 70 audits are alike? Not quite. Does every CPA firm follow the same roadmap when conducting auditing and test procedures for SAS 70 audits? Hardly.
With that said, visit sas70.us.com and learn all you will ever need to know about Statement on Auditing Standards No. 70, simply known as SAS 70. You will be able to obtain critical information regarding SAS 70 audits, such as the history of the auditing standard, pricing considerations and factors to be taken into consideration for a SAS 70 audit, a SAS 70 roadmap for compliance checklist, just to name a few. It’s all part of being able to provide interested readers with a comprehensive guide to one of the most widely used and recognized audits in today’s business world.
So before you accept any proposals from any number of CPA firms that specialize in SAS 70 audits, take the time to educate yourself on the inner workings of what a SAS 70 audit actually is.
Today’s regulatory compliance mandates are here to stay, and so are SAS 70 audits.
Nov 29 2008 5:30PM GMT
Posted by: Charles Denyer
People often ask me what the price of a SAS 70 Type I or SAS 70 Type II audit is. My response? That depends, I say, on many, many factors. Here is what needs to be understood when considering pricing factors for SAS 70 Type I and Type II audits:
1. The CPA firm: Are you looking for brand recognition, or are you looking for a cost-effective provider which can simply help you “check the box” for SAS 70 compliance?
2. Scope: What is being examined and tested from a control perspective for SAS 70 audits? Are you looking for just a general controls audit or an audit that also includes specific business processes?
3. Testing period: For SAS 70 Type II audits, what is the testing period going to be? The longer the test period, the more the audit will cost as auditors have to pull larger samples, do more testing, etc.
4. Location of testing: How many physical areas does your organization have that will fall under the scope of the SAS 70 audit? Having more than one means that auditors will ultimately have to travel to numerous locations to conduct more testing. Again, more locations, more time, money, and expenses out of your pocket for the audit itself.
5. Are you confident you can obtain SAS 70 compliance without conducting a SAS 70 readiness assessment? If not and you need assistance identifying weaknesses and gaps within your control environment, then expect to spend more time, money, and resources on the front end of a SAS 70 audit for preparing in an adequate manner.
As you can see, there is no quick, easy, black and white answer to the cost of a SAS 70 Type I or Type II audit.
To learn more about Statement on Auditing Standards No. 70, visit the official SAS 70 resource guide, where you can obtain a wealth of information on SAS 70 audits.
Nov 28 2008 10:43PM GMT
Posted by: Charles Denyer
Successful completion of SAS 70 Type I or SAS 70 Type II audit reports should start with undertaking a SAS 70 Readiness Assessment. A readiness assessment is an important part of the audit process in that it helps identify weaknesses, gaps, and deficiencies within your organization’s control environment. Many organizations unfortunately rush into a SAS 70 Type I or Type II audit and, as a result, suffer the consequences of poor planning and mismanagement. The result? More time, fees, and man hours are put into the audit than would have been needed had they started off with a readiness assessment.
Furthermore, some firms even offer free SAS 70 Readiness Assessment questionnaires for helping your organization prepare for and undertake the audit itself. What’s more, quality CPA firms can develop templates that are highly customized to your specific industry, thus adding even more value to the SAS 70 Readiness Assessment phase. As the old saying goes, you crawl before you walk; it’s wise to conduct a SAS 70 Readiness Assessment before embarking on the actual audit process.
To learn more about SAS 70 audits, visit the official SAS 70 Resource Guide, where you can obtain a wealth of information on SAS 70 audits.
Sep 20 2008 2:23PM GMT
Posted by: Charles Denyer
As a SAS70 auditor, I’m often asked about how organizations should prepare for a SAS70 audit. In fact, companies and organizations alike commonly ask me for a SAS70 checklist. I simply reply by asking: a checklist for what? On how to prepare for the audit, on what the audit scope is, etc.? You see, the phrase SAS70 checklist is just too broad and vague.
What organizations really need to do for preparing for a SAS70 audit is to conduct a SAS70 Readiness Assessment, which essentially covers a broad range of topics and subject matter for a SAS70 Type I or SAS70 Type II audit. In fact, a SAS70 Readiness Assessment will help your organization truly understand what a SAS70 audit is, how an organization actually undertakes this type of audit, along with other essential activities. Here’s an example of the core functional areas that a SAS70 Readiness Assessment would cover within an organization. Please keep in mind that this is a general reference and scope can change based on the SAS70 audit itself. But by and large, any reputable CPA firm helping you with a SAS70 Readiness Assessment will almost surely include these areas:
* Organization and Administration-Executive Tone & Human Resources
* Incident Management
* Change Management
* Logical Security
* Network Security
* Physical Security
* Environmental Security
* Computer Operations
* Business Continuity and Disaster Recovery Planning (BCDRP)
To learn more about SAS70 audits, visit the official SAS70 Resource Guide, where you can receive a sample SAS70 audit report.
Aug 28 2008 1:07PM GMT
Posted by: Charles Denyer
If you are a data center or managed services provider and need a SAS 70 audit, then here are some helpful tips and strategies for finding the right firm, getting a fair and equitable fee, and ensuring you have the proper scope for the audit.
Today’s data centers are complex entities, providing customers with a broad array of services, so it’s important that your SAS 70 report meets and exceeds the objectives of the audit for you and your customers.
1. First and foremost, find a CPA firm that specializes in not only SAS 70 audits, but one that has a strong understanding of the services offered by your organization. From ping, power, and pipe to highly complex managed services, it’s important to remember to keep all critical services within the scope of the audit.
2. Get a fixed fee for your audit. With the rising cost of expenses such as gas, travel, and other ancillary services, getting a “fixed fee” for your SAS 70 audit ensures that costs are contained and that you have an exact idea of what you will be paying for the audit. SAS 70 audits that do not include expenses will end up costing data centers approximately an additional 20% or more over the original agreed fee. Hourly rates for auditing data centers should be considered a thing of the past; work hard to get a fixed fee.
3. Scope the audit correctly by making sure the CPA firm conducting the SAS 70 audit includes the following areas for examination and testing:
- Executive Tone
- Human Resources
- Customer Contract Process
- Customer Provisioning Process
- Incident Management
- Change Management
- Logical Security
- Network Security
- Physical Security
- Environmental Security
- Computer Operations
There are also a number of Data Center best practices that should be in place to help facilitate the overall success of the SAS 70 audit.
To learn more about SAS 70 audits or to receive a SAS 70 sample report, visit the official SAS 70 Resource Guide.
Aug 27 2008 12:05PM GMT
Posted by: Charles Denyer
The tremendous growth of SAS 70 audits has been felt in many industries, requiring service providers (commonly known as service organizations in the SAS 70 world) to undergo an annual SAS 70 Type II audit. If your organization is new to the SAS 70 audit process, here are some helpful tips for ensuring you find the right firm and a fair fee, along with other important considerations and factors regarding Statement on Auditing Standards No. 70.
1. Find a firm that specializes in SAS 70 audits. This is not too terribly difficult, as there are many firms out there providing this service for this specialized audit.
2. Make sure the firm has industry experience, not just general SAS 70 experience. Sounds easy, but it would be wise to pick a firm that has conducted SAS 70 audits in your industry and thus has a working knowledge of your operations and what to expect.
3. Define the scope EARLY. Make sure your organization and the CPA firm conducting the SAS 70 audit come to an understanding very early on regarding the scope of the audit. Too small a scope and the SAS 70 audit may have little value. Too large a scope and you may be spending more time, money, and effort than is needed.
4. Get a fixed fee for the audit. That’s right, make sure the proposal you receive is fixed, meaning it includes all out-of-pocket, travel-related expenses. A non-fixed fee proposal will likely tack on an additional 20% for out-of-pocket fees.
5. Ask for templates and questionnaires so you can conduct your own SAS 70 Readiness Assessment. Many CPA firms charge for this service, but some firms are willing to give you the templates free of charge. It’s a great tool for audit preparedness and for completing the SAS 70 audit successfully.
To learn more about Statement on Auditing Standards No. 70 or to receive a sample SAS 70 report, visit the official SAS 70 Resource Guide.
Aug 26 2008 11:23AM GMT
Posted by: Charles Denyer
SAS 70 audits are being performed on many service organizations in today’s growing regulatory compliance economy. From federal legislation such as Sarbanes-Oxley to HIPAA, the SAS 70 auditing standard has been pushed to the forefront of the business arena. It’s becoming such a big requirement now that many requests for proposals (RFPs) are demanding that a service organization be SAS 70 compliant before even bidding on work or submitting a proposal.
So let’s erase some myths and misconceptions about the SAS 70 auditing standard. First and foremost, the audit can be done in an efficient, cost effective manner, provided you find a firm that has a good working knowledge of the SAS 70 auditing standard AND your industry. Put both of those variables together, and you should get a good fee from a quality auditor who truly knows what they are doing.
Secondly, you don’t have to do a SAS 70 Type I first if you need a SAS 70 Type II. Why waste thousands of dollars on a Type I when it’s not really what you needed? Some CPA firms will try to sell you the full package, often including a Type I by stating it’s needed to begin the audit process. What you need to start with instead is a SAS 70 Readiness Assessment, which will get your organization up to speed and ready for the actual SAS 70 Type II audit.
Lastly, SAS 70 audits can be a reasonable financial proposition, if you use a firm with experience that has a working, scalable model, resulting in efficiency and cost-effectiveness.
If you want to learn more about SAS 70 audits, visit the official SAS 70 resource center where you can receive SAS 70 sample reports for review.
Jul 21 2008 6:23PM GMT
Posted by: Charles Denyer
SAS70 Type I & Type II audits can be daunting indeed to many service organizations, but they shouldn’t be. The more you learn about what SAS70 is, the better prepared you will be for going through a SAS70 audit. Let’s start with the basics, that is, educate yourself on what a SAS70 Type I & Type II audit is, and what are the differences.
Furthermore, obtain SAS70 sample reports electronically to see what a final SAS70 service auditor’s report actually looks like. Additionally, learn about what it takes in the step-by-step process for undertaking a SAS70 audit. There are many different stages, activities, and deliverables that comprise a SAS70 audit, so it’s a good idea to educate yourself on what they are, when they occur, what to expect, and what the commitment is from your organization in terms of manpower and resources.
Beginning with a SAS 70 readiness questionnaire assessment, then culminating with the delivery of the actual service auditor’s report, you need to learn firsthand what’s involved for this type of an audit.
You can also learn more by visiting the official SAS70 resource guide, where a wealth of information is available, such as white papers on SAS70 along with current industry news affecting the auditing standard itself.
Jul 18 2008 1:55AM GMT
Posted by: Charles Denyer
You can obtain SAS70 sample reports if you are interested in learning more about the SAS70 auditing standard. Many service organizations have to go through a SAS70 audit and would like to learn more about the auditing standard. Thus, a SAS70 Type II example report, which can be obtained from the official SAS70 Resource Guide, will give readers an in-depth understanding of the inner workings of a SAS70 audit, along with providing an excellent example of what the contents of a report are.
SAS 70 sample reports can also help better educate your organization on the auditing standard, ultimately giving you more knowledge and understanding of the audit when you begin the selection process of finding a CPA provider to conduct the SAS70 Type I or Type II audit for your organization.
Additionally, current white papers, along with various information on relevant industry news, are also available for learning more about SAS70 audits, both Type I and Type II. Current industries being heavily affected by the SAS70 auditing standard are financial services, information, and health care. The past decade has seen numerous federal laws and legislation implemented that have placed a large emphasis on security, privacy, and an organization’s overall control environment. What’s more, SAS70 audits have quickly become the default tool used to ensure service organizations are in compliance with these ever-expanding regulatory compliance laws.