If your company is needing to be SAS70 compliant, then a good start is to learn about what a SAS70 audit is and what the difference is between a SAS70 Type I & SAS70 Type II audit report.
In short, a SAS70 Type I is simply an audit that is a snapshot in time; an audit for a particular day. For example, a Type I report would be given a date of August 31, 2008.
A SAS70 Type II audit report is a report that will test the operating effectiveness of those controls over a time period, traditionally six (6) months. For example, a SAS70 Type II report would cover a period from January 1, 2008 to June 30, 2008.
It is important to note that a SAS70 Type II is what the market is calling for, that is, it suffices for Sarbanes Oxley compliance and is looked upon as a much superior audit than a SAS70 Type I report.
A good example of learning more about SAS70 audits is to obtain a SAS70 sample report, whereby you can read and understand what the major components and parts are of a final report.