SAS70
When benchmarking a SAS70 audit to determine if the necessary controls were audited, what standards do you use as guidance to determine the controls to be tested and the control objectives? Does IT rely on internal audit for guidance or do you have your IT processes documented?
Software/Hardware used:
Software/Hardware used:
ASKED:
June 20, 2008 5:13 AM
UPDATED:
June 25, 2008 5:12 PM
Answer Wiki:
There is a standard template for Control Objectives available on the AICPA website. That is usually very useful in beginning to understand control objectives.
The Control Objectives are a lot like Policies - they make a statement. From there you need to have control procedures that meet the control objectives - these are what the auditors will test to confirm that your controls are in place.
It's also good to consider what clients are asking for a SAS 70 report. What applications do they care about? There are good application Control Objectives you can apply to such applications.
Try reading some SAS 70 reports from companies similar to your own for some ideas.
To see all answers submitted to the Answer Wiki: View Answer History.
RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
