Regulatory Compliance, Governance and Security

Jul 4 2008   8:40PM GMT

SAS70 | Definition of the Auditing Standard No. 70



SAS70 audits can be looked upon as an examination of an entity’s control environment. In more technical terms, a SAS70 Type I audit is used to report on controls placed in operation. Thus, a SAS 70 Type II audit is used to report on controls placed in operation and the testing of operating effectiveness.

Quickly, you can see the difference between a Type I and a Type II audit. a Type II audit’s testing of operating effectiveness essentially means that a testing period is undertaken when examining a service organization’s control environment. It’s the main difference between a SAS70 Type I and Type II.

Keep in mind that Type II audits are commonly used for complying with section 404 of the Sarbanes Oxley act. Management (executives of user organizations, that is) must have assurances of their internal control environment, thus, many times a SAS70 Type II audit is required from service organizations who provide outsourcing functions for these very user organizations.

To learn more about what is SAS70, visit the official SAS70 Resource Guide.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: