Regulatory Compliance, Governance and Security:

SAS 70


January 9, 2011  6:59 PM

SSAE 16 vs. SAS 70 | Here’s What You Need to Know



Posted by: Charles Denyer
at section 101, description of its system, ndb, SAS 70, service organization control reports, soc 1, soc i, SSAE 16, written statement of assertion

SSAE 16 vs. SAS 70 seems to be a hot phrase as of late and for good reason. After approximately 19 years of faithful service of reporting on controls at service organizations, the SAS 70 auditing standard is being effectively replaced by SSAE 16. There's much...

November 17, 2010  5:22 PM

SSAE 16 | Description of the “System” | What you Need to Know



Posted by: Charles Denyer
charles denyer, description of controls, description of system, ndb, SAS 70, SSAE 16

Enter SSAE 16 and it's new requirement for service organizations to provide a description of its "system". As for out with the old...


September 29, 2010  8:54 PM

ISAE 3402 and SSAE 16 | Say Goodbye to the SAS 70 Auditing Standard



Posted by: Charles Denyer
description of its system, ISAE 3402, SAS 70, service organization, SSAE 16, written assertion by management

ISAE 3402, The International Standard on Assurance Engagements,“Assurance Reports on Controls at a Service Organization” and SSAE 16, Statement on Standards for Attestation...


July 22, 2010  9:25 PM

SSAE 16 Readiness Assessments | The Transition from SAS 70 Begins



Posted by: Charles Denyer
ISAE 3402, SAS 70, ssae 16 readiness assessments, type 1, type 2

SSAE 16 Readiness Assessments will without question become a hot "to do" list for many service organizations who are effectively transitioning from SAS 70 to the new SSAE 16...


July 21, 2010  11:53 AM

SSAE 16 | Preparing your Organization for the New Changes



Posted by: Charles Denyer
charles denyer, ISAE 3402, SAS 70, SSAE 16

SSAE 16, put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), will force a large number of service organizations to fundamentally re-address many of the compliance issues that they...


July 14, 2010  6:35 PM

SSAE 16 | Statement on Standards for Attestation Engagements No. 16



Posted by: Charles Denyer
ISAE 3402, SAS 70, SSAE 16

SSAE 16, the new attestation standard put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), will effectively replace Statement on Auditing Standards No. 70 (SAS 70) as the primary standard used for...


May 17, 2010  11:24 AM

ISAE 3402 | A New Standard Has Arrived for Reporting on Service Organizations



Posted by: Charles Denyer
charles denyer, ISAE 3402, SAS 70, SSAE 16, written assertion by management

ISAE 3402, put forth by the International Auditing and Assurance Standards Board (IAASB) of the International Federation of Accountants (IFAC), will play a large and ever-expanding role for reporting on controls at service organizations. ...


December 11, 2009  1:42 PM

Could Sarbanes-Oxley (SOX) be Killed? | An Auditor’s Viewpoint



Posted by: Charles Denyer
charles denyer, PCAOB, Sarbanes-Oxley, sarbox, SAS 70, SOX

Well, i'm sure by now millions of people have read the article in Newsweek about how Sarbanes-Oxley (SOX) could be brought down to it's knees and killed. Compliance auditors are getting cold...


November 25, 2009  8:20 PM

SAS 70 Audits and PCI DSS Assessments | Expert Advice from an Auditor



Posted by: Charles Denyer
charles denyer, payment card industry data security standards (PCI DSS), PCI DSS, pci dss assessments, SAS 70, type II

SAS 70 audits and PCI DSS assessments are truly starting to dominate the regulatory compliance landscape. For a large number of our firm's clients, we actively assess them for yearly SAS 70 and PCI DSS compliance. The chatter of late is surrounding what efficiencies of scale, if any, can be had...


November 20, 2009  1:14 AM

SAS 70 and Business Continuity Planning (BCM) | What you Need to Know



Posted by: Charles Denyer
aicpa, BCM, Business Continuity Disaster Recovery, charles denyer, control objectives, SAS 70, sas 70 type ii, type i

As a SAS 70 auditor, i'm often asked if Business Continuity and Disaster Recovery (or any of the other similar terms and phrases used) is part of the actual SAS 70 audit. In fairness, it is even though "technically" it does not fall into a...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: