Dec 30 2008 3:21PM GMT
Posted by: Charles Denyer
Security,
SOX,
regulatory compliance,
audits,
payment card industry,
PCI DSS,
PCI,
pci compliance,
SAS 70,
SAS 70 readiness questionnaire,
What is SAS 70?,
SAS 70 checklist,
sas70,
sas70 sample reports,
pci dss qsa,
sas 70 control objectives,
sas 70 type ii,
SAS 70 Type I,
pci assessment,
sas 70 sample report,
sas 70 audit report,
payment card industry data security standards
When ushering in the new year festivities, keep in mind that a number of regulatory compliance issues will be facing your organization also as 2009 looms just around the corner. No, they’re not stocking stuffers, rather, they can be considered expensive, time-consuming, and arduous, to say the least. Here’s your list of 2009 Regulatory Compliance mandates that may very well find there way into your organization.
SAS 70
SAS 70 Type I and SAS 70 Type II audits have become increasingly popular since the advent of Sarbanes Oxely in 2002. Service organizations, third party outsourcing entities, and a slew of other companies have had to grapple with the time and costs associated with this widely recognized auditing standard. If your organization needs to become SAS 70 Type I or SAS 70 Type II compliant for 2009 and beyond, then take time to learn about this specialized auditing standard via the most comprehensive website available on SAS 70 audits, sas70.us.com. You can even obtain a free sample SAS 70 Type II report along with downloading numerous white papers and other expert subject matte on SAS 70 Type I and SAS 70 Type II audits.
PCI Compliance
Payment Card Industry Data Security Standards (PCI DSS) compliance is fast becoming a hot regulatory compliance issue. The major payments brands, such as Visa, Mastercard, American Express, Discover and JCB, have unilaterally agreed on a number of security provisions for the protection of cardholder data. In summary, any entity directly involved in the processing, storage, or transmission of transaction data or cardholder data should be looked upon as a PCI DSS candidate. But what really is PCI and where can you learn more about compliance and what your organization needs to do? Visit pciassessment.org, a comprhensive guide to understanding what PCI DSS compliance is and who is affected.
Dec 30 2008 2:37PM GMT
Posted by: Charles Denyer
SAS 70,
What is SAS 70?,
SAS 70 download,
SAS 70 overview presentation,
sas70,
sas70 sample reports,
sas 70 control objectives,
sas 70 type ii,
SAS 70 Type I,
sas70 pricing,
sas 70 sample report,
sas 70 audit report
If you are seeking to learn more about SAS 70 Type I and SAS 70 Type II audits, then one of the most effective ways for truly gaining an understanding of the auditing standard is to see what the finished product looks like-that is, a final SAS 70 audit report. Many people voice great frustration when going through their first SAS 70 audit because they truly don’t know what the SAS 70 audit report “looks and feels” like, that is, what is the actual content, format, and layout of the report.
Having a sample SAS 70 audit report prior to commencement of the audit who greatly benefit service organizations as they can visually see the important components of what lies in the report itself. sas70.us.com provides sample SAS 70 Type II audit reports for organizations and individuals looking to learn more about Statement on Auditing Standards No. 70, commonly known as SAS 70.
This report will give you an in-depth layout of what a SAS 70 audit report is, what are the critical components and content that make up the report, and it will also allow you to gain a true conceptual understanding of what the audit is actually undertaken and performed by auditors.
Remember, knowledge is power, so the more you know and learn about SAS 70 audits, the more prepared you and your organization will be in undertaking a SAS 70 Type I or SAS 70 Type II audit.
Nov 28 2008 10:43PM GMT
Posted by: Charles Denyer
audits,
SAS 70,
SAS 70 readiness questionnaire,
sas70,
sas 70 control objectives,
sas 70 type ii,
SAS 70 Type I,
sas70 readiness assessment questionnaires,
sas 70 sample report,
sas 70 audit report
Successful completion of SAS 70 Type I or SAS 70 Type II audit reports should start with undertaking a SAS 70 Readiness Assessment. A readiness assessment is an important part of the audit process in that it helps identify weaknesses, gaps, and deficiencies within your organization’s control environment. Many organizations unfortunately rush into a SAS 70 Type I or Type II audit, and as a result, suffer the consequences of ill-planning and mismanagement. The result? More time, fees, and man hours are put into the audit, which in all actuality, really shouldn’t of been if they had started off with a readiness assessment.
Furthermore, some firms even offer free SAS 70 Readiness Assessment questionnaires for helping your organization prepare and undertake the audit itself. What’s more, quality CPA firms can develop templates that are highly customized to your specific industry, thus adding even more value to the SAS 70 Readiness Assessment phase. As the old saying goes, you crawl before you walk, it’s wise to conduct a SAS 70 Readiness Assessment before embarking on the actual audit process.
To learn more about SAS 70 audits, visit the official SAS 70 Resource Guide, where you can obtain a wealth of information on SAS 70 audits.
Oct 27 2008 9:22PM GMT
Posted by: Charles Denyer
SAS 70,
sas 70 type ii,
SAS 70 Type I,
sas 70 rfp,
sas70 pricing,
sas70 readiness assessment questionnaires,
sas 70 sample report,
sas 70 audit report
SAS 70 audits today are being conducted by CPA firms large and small, big and tall. Though they vary greatly in size, complexity and audit skills, what seems to be the industry standard is a “fixed fee” for the audit. Fixed in meaning that all the fees for the engagement are wrapped and bundled into one price. This “fixed fee” also includes any out of pocket travel and miscellaneous expenses that the CPA firm would incur for doing the audit.
Buyer beware, as not all “fixed fees” are the same. Some “fixed fee” have clauses that say the “fixed fee” is only for the engagement itself and does not include travel or any other expenses you may incur. Additionally, some fixed fees may include the travel and out of pocket expenses may also bill you for preparing reports, after audit consulting fees, etc.
In short, read the fine print and make sure the “fixed fee” really is fixed. Another point, make sure the fixed fee gradually goes down after year one. Why? Because the CPA firm conducting the audit should have a good working knowledge of your company, thus fees should be marginally reduced for subsequent years (5 to 10 percent). However, if your scope changes, then expect the fees to go up.
To learn more about SAS 70 audits, visit the official SAS 70 Resource Guide.
Oct 27 2008 9:03PM GMT
Posted by: Charles Denyer
regulatory compliance,
SAS 70,
sas 70 type ii,
SAS 70 Type I,
sas 70 sample report
SAS 70 Type I and SAS 70 Type II audits are fast becoming a mainstay in today’s regulatory compliance environment. If your organization is seeking to become SAS 70 Type I or SAS 70 Type II compliant in the near future, then here are some helpful tips in adequately preparing for all aspects of the audit.
1. Requirements-Do you need a SAS 70 Type I or SAS 70 Type II audit?
2. What is the scope of the audit? What business lines, services, and operations have to be covered in the SAS 70 audit. Are their specific demands that need to be within the audit that somebody is asking for?
3. Pricing-Always obtain three (3) quotes and get a “fixed fee” for the audit, that is, the entire audit, including travel and all out of pocket expenses, are included within the fixed fee.
4. Testing period-If moving forward with a SAS 70 Type II audit, what is the test period going to be (note: test periods are traditionally 6 or 10 months long-you will have to identify this with the CPA firm that will be conducting the SAS 70 audit)
5. SAS 70 Readiness-Make sure you conduct a Readiness Assessment before moving forward with the audit. It will prove invaluable in understanding your control environment.
To learn more about SAS 70 audits, visit the official SAS 70 Resource guide, where you can obtain a wealth of information on SAS 70 audits, including a sample SAS 70 report.
