Home > IT Answers > CIO > SAS70
SAS70ExPERT
125 pts.
0
Q:
SAS70
Compliance, Auditing, Risk analysis, SAS 70
When benchmarking a SAS70 audit to determine if the necessary controls were audited, what standards do you use as guidance to determine the controls to be tested and the control objectives? Does IT rely on internal audit for guidance or do you have your IT processes documented?
ASKED: Jun 20 2008  5:13 AM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
RELATED QUESTIONS
0
Eigenstein
75 pts.
0
A:
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
  • AddThis Social Bookmark Button
There is a standard template for Control Objectives available on the AICPA website. That is usually very useful in beginning to understand control objectives.

The Control Objectives are a lot like Policies - they make a statement. From there you need to have control procedures that meet the control objectives - these are what the auditors will test to confirm that your controls are in place.

It's also good to consider what clients are asking for a SAS 70 report. What applications do they care about? There are good application Control Objectives you can apply to such applications.

Try reading some SAS 70 reports from companies similar to your own for some ideas.
Last Answered: Jun 25 2008  5:12 PM GMT by Eigenstein   75 pts.
  •   
0
0
RSS - Discussions Help
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



0