Statement on Auditing Standards No. 70

SAS 70 Audit and Compliance | Financial Services are Next in Line

SAS 70 Audit and Compliance will soon be entering the financial services and financial sector in a much more in-depth manner in the coming years. Sure, SAS 70 audits have been widely used on asset accounting, hedge funds, trust establishments, but the push will be much further and deeper in the coming years. Thank Mr. Madoff and his ponzi schemes along with increased regulatory compliance from the Obama administration.

Currently, the United States Securities and Exchange Commission (SEC) is looking into having Registered Investment Advisers being required to have an annual “surprise audit” and/or an “internal control” audit. In short, the default without question will be Statement on Auditing Standards No. 70.

The Obama administration is also looking into many other avenues of regulatory compliance that may include various provisions of additional auditing and oversight. Thus again, SAS 70 Type II audits may very well become quite transparent and well-known in other financial sectors. Let’s wait and see what truly unfolds in the coming months.

Visit the official SAS 70 Resource Guide to learn more about Type I and Type II audits.

SAS 70

Statement on Auditing Standards No. 70, simply known as SAS 70 to many, has had a profound impact on regulatory compliance since the passage of the Sarbanes Oxley Act in 2002. As a SAS 70 auditor for many years, i’ve been asked a broad and wide range of questions regarding the who, what, where, when and why of SAS 70 Type I and SAS 70 Type II audits. Thus, if you need to learn everything you possibly can about SAS 70, then visit the official SAS 70 Resource Guide, where a voluminous amount of information is available.

Now, with that said, let me touch on a subject that has been brought up so many times it feels like a broken record: SAS 70 PRICING. So, what do they cost? What SHOULD they cost? These are some of the questions i fielded over the years. With that said, i can tell you what my honest best assessment is for pricing on these engagements, so here you go.

A general controls SAS 70 Type I that covers no real business processes and all fieldwork can be done at one location should be between $15,000 and $25,000.

A general controls SAS 70 Type II that covers no real business processes and all fieldwork can be done at one location should be between $25,000 and $35,000. Thus, subsequent years “could” see a decrease in fees (marginal, that is) if the control environment stays somewhat static.

If you start adding in requirements to test a wide array of specific “business process” controls, the price will go up. Keep in mind, some firms may charge (and do) a slightly cheaper fee than i’ve just quoted. But remember, you get what you pay for, especially for auditors. Find that healthy medium from a quality, boutique CPA firm that specializes in SAS 70 audits and you should be fine.