Regulatory Compliance, Governance and Security

Jul 3 2008   1:24AM GMT

SAS 70 Audits | Tips on Getting a Fair Fee



If your organization needs to embark on SAS 70 Type I or Type II compliance, here’s what you need to know about getting a fair, equitable fee from a CPA firm that proposes on the audit.

    • Discuss what the scope of the audit will be, that is, is it a general controls audit or does the SAS 70 Type I or Type II audit proposal include provisions for examining specific business processes. This is vitally important because the organization requiring you to be SAS 70 compliant may very well have special provisions for the audit. Talk to your clients and communicate this with CPA firms giving you a proposal.
    • Determine the testing time period of the audit, if a SAS 70 Type II is being conducted. Generally speaking, the longer the test period, the more testing will be done, thus the audit will be more costly. See if a six (6) month testing period will suffice for your client’s demands.
    • Once you have determined scope, make sure to discuss where and when testing will take place. The more physical locations the auditors have to visit, then the more costly the audit will be. You may be able to test for the audit at one central location, so be sure to come to an agreement on this early.
    • Make sure the proposal is a fixed fee. In today’s economy with rising gas, food, and transportation costs, any non-audit, out of pocket fees can become quite costly. A fixed fee will help mitigate some of these unknown, variable costs.

To learn more about SAS 70 audits or to receive SAS 70 sample reports, visit the official SAS 70 Resource Guide.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: