SAS 70

Jul 29 2008   11:51PM GMT

SAS70 audit exceptions

Keith Harrell Profile: SAS70ExPERT

As I have read many SAS 70 audit reports, my perception of the quality of audit reports is varied. As I stated in previous blogs, there are different standards with which to use to implement information technology controls; however, the SAS70 standard does not require an auditor to meet specific information security requirements. Therefore, an auditor may audit network security rather heavily or not at all. If the SAS 70 standard was changed to provide specific requirements related to IT that were to be audited, then more benchmarking of the effectiveness of controls and of the SAS 70 audit would be available. How do you feel about the quality of audit coverage of network security controls in your SAS70 audit?

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: