SAS 70

Aug 27 2008   2:30PM GMT

Successful traits of a CIO equal successful SAS70 audits (Part 3) – SAS 70

Keith Harrell Profile: SAS70ExPERT


At 5pm, the CEO returned to his office with a cup of coffee and a very unpleasant frown. He barked out a few orders to his administrative assistant. I knew then that ….it was all going to roll down hill. Apparently, an IT Director signed a vendor contract with some very unfavorable terms. Luckily, the IT Director was no longer with the Company, therefore, the CIO, was the one who would be assigned the cleanup work.


In order to deal with this situation, the CIO would have to quickly understand the requirements of the CEO and the expectations of the vendor. If he failed at delivering for either of them, then the effects could have serious consequences on IT operations. These types of political maneuvers happen everyday and it takes a skillful politician as a CIO to produce favorable results.


A CIO can use her political skills to effectively deal with a SAS70 audit. When an auditor identifies an audit exception, the CIO may fully agree with the auditor; however, the description of the audit exception may need to be qualified in order to maintain a close relationship with the CEO. Sometimes, negotiations are even held over simple words, such as “sometimes” as they can make a big difference in the eyes of the Board of Directors or Audit Committee. What are some of the circumstances that you may have been involved in? Were you successful in avoiding pitfalls? What worked best for you?

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: