Regulatory Compliance, Governance and Security

Jul 17 2009   12:58PM GMT

SAS 70 Type II Audit Compliance | Expert Advice from a SAS 70 Auditor



After years of working with the SAS 70 auditing standard, there comes a time when I need to clarify and hand out helpful advice to service organizations that will soon be undertaking the process of an actual SAS 70 audit. So, let’s discuss some important issues for making sure you achieve SAS 70 Type II compliance in a cost-effective and timely manner.

1. Get a FIXED FEE for the audit. Hire a firm that gives you one price for all activities associated with the audit.

2. DO conduct a SAS 70 Readiness Assessment. This is vital to the audit: it helps frame the scope of the audit and gives your organization time to correct any gaps or weaknesses found. A good, reputable CPA firm will offer this service, many times as part of the entire fixed fee.

3. DO ask how testing is conducted by the firm you have hired. That is, how do they conduct sampling, what is their method for determining an “exception” to the audit process, etc. In short, communicate frequently and ask the right questions.

If you want to learn more about SAS 70 audits, then visit the official SAS 70 Resource Guide.
