SEC

SAS 70 & Investment Advisers Act of 1940 | Proposed Changes

The SAS 70 auditing standard looks to become a vital component of the proposed changes for the Investment Advisers Act of 1940. In short, the recent scandals and ponzi schemes that resulted in the loss of billions of dollars for investors is receiving a wakeup call from the Securities and Exchange Commission (SEC).

The SEC released a draft of proposed changes regarding “Custody of Funds or Securities of Clients by Investment Advisers” (File No. S7-09-09). This lengthy document is proposing the use of “surprise examinations” and a “internal control report” on entities that have custody of client funds or securities or instead serves as a qualified custodian for client funds or securities.

Currently the “surprise examination” is discussed as a “written report from an independent public accountant” while the “internal control report” is essentially described as a SAS 70. Though still in the proposal stages (and waiting on comments from the industry, which are due by July 2009), two things are almost certain: 1. There will be more regulatory oversight and 2. the SAS 70 auditing standard will likely be utilized for both the “surprise examination” and the “internal control report”.

If you are an investment adviser or related person that has custody of client funds or securities and you perform custodial operations, then it is time to understand the SAS 70 audit process and how it will impact your organization. You can obtain a sample SAS 70 Type II Report and list of sample custodial control objectives by visiting the SAS 70 Resource Guide.

Sarbanes Oxley (SOX) and SAS 70 | Understanding the relationship

Many people often ask me what exactly is the relationship between SOX and SAS 70. The relationship between SOX and SAS 70 begins with Section 404. Because management must report annually on it’s effectiveness of internal controls, it then has an obligation to inquire and inspect on all controls considered vital to the organization as a whole, but more importantly, to it’s financial reporting process. Since a large number of publicly traded companies outsource a host of critical services, these outsourcer providers, commonly referred to as “service organizations”, are considered an integral component for purposes of financial reporting. Therefore, a due-diligence process must be enacted to have their internal controls observed and certified. The Securities and Exchange Commission’s (SEC) Chief Accountant and the Division of Corporation Finance has stated that “In many situations, a registrant relies on a third party service provider to perform certain functions where the outsourced activity affects the initiation, authorization, recording, processing or reporting of transactions in the registrant’s financial statement. In assessing internal controls over financial reporting, management may rely on a Type 2 SAS 70 report.” So, there you have it. If you want to learn more about SAS 70, visit the most in-depth web site available on Statement on Auditing Standards No. 70, at www.sas70.us.com