SAS 70

Jul 22 2008   12:48AM GMT

Is there an elephant in the room? Or did someone just find a SAS70 Audit internal control deficiency/exception?



Posted by: SAS70ExPERT
Tags:
Auditing
CIO
Compliance
Risk management
SAS 70
Security
Third-party services

As a CIO or CSO, what should you do when a SAS 70 auditor finds an exception or an internal control that is not working during your SAS70 audit? Sometimes, in extreme cases as in a family death — there is silence, screaming and shouting, grieving, and then finally acceptance. When an auditor meets with the Chief Executive Officer, it is key that you understand the difference between a material weakness and an internal control deficiency.

 

A “material weakness” is a internal control deficiency or combination of control weaknesses such that they result in a significant misstatement of revenue or expenses in your financial statements.

 

A deficiency in internal control exists either in design or operation of a control. A design deficiency exists when you forgot that you had to reconcile inventory. You have been concentrating on sell, sell, sell, and you forgot you had to determine how much inventory you had on hand each month. It happens. An operational deficiency occurs when your Accounting Manager just didn’t perform up to par and the reconciliations they were supposed to do for inventory just weren’t done each month.

 

Knowing the difference during these difficult economic times is important. So when the white elephant comes into the room, take a deep breath — If you understand the differences in a material weakness and a significant deficiency, you have the information you need to discuss the results of the SAS70 audit and determine the next steps.  Sas70ExPERT@gmail.com

 

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: