Regulatory Compliance, Governance and Security:

SAS 70


August 3, 2009  7:25 PM

SAS 70 Audits and PCI DSS Assessments | What you NEED to Know



Posted by: Charles Denyer
merchants, payment card industry data security standards, PCI DSS, pci dsss level 1 assessments, SAS 70, sas70, service organizations, service providers, type i, type II

SAS 70 audits and PCI DSS Assessments are on everybody's radar screen today, or so it seems. Particularly, SAS 70 Type II Audits and Payment Card Industry Data Security Standards (PCI DSS) Level I assessments. And why? Because many service organizations, merchants, and service providers are...

July 8, 2009  7:27 PM

SAS 70 Compliance | Why a Readiness Assessment is Essential for the Audit



Posted by: Charles Denyer
control environment, gap analysis, SAS 70, sas 70 readiness assessment, sas 70 resource guide, sas70.us.com, type i, type II

Many service organizations having to undergo SAS 70 Type I or SAS 70 Type II compliance would greatly benefit from a SAS 70 Readiness Assessment. So, let's clear the air as to what this actually is. A SAS 70 Readiness Assessment should be a proactive exercise which actually benefits the overall...


June 3, 2009  6:34 PM

SAS 70 | Surprise Examination | Internal Control Report for Investment Advisers



Posted by: Charles Denyer
charles denyer, client funds, File No. S7-09-09, internal control report, qualified custodian, sample sas 70 type II report, SAS 70, securities, surprise examination, The investment Advisers Act of 1940

The SAS 70 auditing standard is sure to become a necessary element of the proposed changes for the Investment Advisers Act of 1940. The SEC released a draft of proposed changes regarding “Custody of Funds or Securities of Clients by Investment Advisers” (


May 30, 2009  8:26 PM

SAS 70 Control Objectives for Investment Advisers | Custodial Operations



Posted by: Charles Denyer
cash and security positions, charles denyer, client funds or securities along with performing custodial duties and operations, control objectives, custodial operations, Custody of Funds or Securities of Clients by Investment Advisers, File No. S7-09-09, investment advisers, investment advisors, market values of securities, net settlement procedures, sample sas 70 type II report, SAS 70, sas70.us.com, securities income

The SEC released a draft of proposed changes regarding “Custody of Funds or Securities of Clients by Investment Advisers” (File No. S7-09-09), calling for more oversight and controls over...


May 10, 2009  2:59 PM

COSO | SAS 55 | SAS 70 | SAS 78 | Understanding the Relationship



Posted by: Charles Denyer
aicpa, american institute of certified public accountants, charles denyer, coso, internal controls, sas 55, SAS 70, SAS 70 Type I, sas 78, The Committee of Sponsoring Organizations of the Treadway Commission, type ii audit

COSO is a widely used and accepted internal control framework in today's growing corporate governance initiatives. It's also heavily found in Statement on Auditing Standards No. 70 (SAS 70) audits. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework essentially...


April 27, 2009  11:18 AM

Virtualization and Cloud Computing | How and Why Auditing WILL change



Posted by: Charles Denyer
charles denyer, cloud, cloud computing, pci audits, SAS 70, Virtualization

The whole new wave of I.T. spreading through businesses today is that of virtualization, cloud computing, the "cloud", or any other similar and broad based terms or themes. Many people have hailed this new concept for obvious reasons, such as the reduction of overall hardware gear and space taken...


April 27, 2009  2:06 AM

Sarbanes Oxley (SOX) and SAS 70 | What Does the Future Hold?



Posted by: Charles Denyer
charles denyer, Compliance, corporate governance, PCI, Sarbanes-Oxley, SAS 70, SOX

Sarbanes Oxley and SAS 70 audits have had a monumental impact on corporate governance and compliance. So much so, they almost invented a huge part of the pie. As a SAS 70 auditor, I'm often asked what does the...


March 20, 2009  6:20 PM

SAS 70 Compliance | Tips on Scoping a SAS 70 Audit



Posted by: Charles Denyer
audit, charles denyer, general controls audit, managed services sas 70, SAS 70, sas 70 compliance, sas 70 resource guide, sas 70 type ii

SAS 70 compliance is commonplace for many of today's businesses. Unfortunately, one of the missing ingredients in understanding SAS 70 compliance is the scope of the audit. That's right. The who, what, when, where, and why of the actual SAS 70 audit process....


February 18, 2009  7:53 PM

PCI DSS and SAS 70 Audits | Audit Efficiencies? Maybe…just Maybe



Posted by: Charles Denyer
payment card industry data security standards (PCI DSS), PCI DSS, pci dss assessments, qsa, SAS 70, sas 70 audits, sas70

As a SAS 70 auditor and a PCI QSA, I'm often asked about the efficiencies of scale that can be achieved with SAS 70 audits and PCI DSS assessments. I have blogged about this a few times before, so let me be more clear and transparent in what I believe can actually be obtained in regards to audit...


January 29, 2009  1:09 PM

California Security Breach Information Act (SB-1386) | What You Need to Know.



Posted by: Charles Denyer
California SB-1386, California Security Breach Information Act (SB-1386), GLBA, Gramm Leach Bliley, HIPAA, MN PCI DSS, MN plastic card security act, SAS 70

In short, the California Security Breach Information Act (SB-1386) is a California state law requiring organizations that maintain personal information about individuals to inform those...

