ALL >> Business >> View Article
What Is Sas 70?
SAS 70 is a well-known acronym that represents a detailed audit of a third-party service organisation. The original one is one of a multitude of statements issued periodically by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). Generally, these statements modify existing auditing standards or introduce new standards. The passing of the Sarbanes-Oxley Act of 2002 meant that the Public Company Accounting Oversight Board (PCAOB) now also issues auditing standards for public companies. This is done on a go-forward basis.
An examination in accordance with it, performed by a service auditor is widely recognised as it shows that an in-depth audit of control objectives and control activities has been completed. Such an audit often includes controls over information technology and related processes. When service organisations or providers host pr process customer data, they must demonstrate in today’s global economy that they have sufficient controls and safeguards. Reporting on the effectiveness of internal control over financial reporting is highlighted in the ...
... requirements of Section 404 of the Sarbanes-Oxley Act of 2002, making SAS 70 audit reports even more important to the process.
With the guidance of it, service organisations can disclose their control activities and processes to customers and their auditors in a uniform reporting format. A service auditor’s report prepared in line with its demonstrates that an independent accounting and auditing firm has examined a service organisation’s control objectives and activities. At the conclusion of its examination, the service auditors report is issued to the service organisation, which includes the service auditor’s opinion.
An independent service auditor is able to gibe an opinion on a service organisation’s description of controls in a Service Auditor’s Report, with the guidance of it. It does not specify a pre-determined set of control objectives or control activities that an organisation must achieve. Auditors must follow the AICPA’s standards for fieldwork quality control and reporting. An audit done with it is not a ‘checklist’ audit.
If a user organisation obtains services from a service organisation then an independent auditor should apply for it, when planning its financial statement audit. Application service providers, bank trust departments, claims processing centres, data centres and third party administrators are examples of service organisation that have an impact on user organisation’s systems of internal controls.
As required in SAS 55, Consideration of Internal Control in a Financial Statement Audit, the auditor gains a sufficient understanding of the organisation’s control to plan the audit. An important step in the auditor’s approach is to identify and evaluate relevant controls an auditor of AICPA may need to obtain an understanding of the controls at the service organisation if it provides transaction processing, data hosting, IT infrastructure and other data processing services to the user organisation. In doing so, the auditor can effectively plan the audit and evaluate control risk.
A Service Auditor’s Report is one of the most effective ways of a serve organisation communicating information about its controls. There are two types of such report †Type I and Type II.
The description of a service organisation’s controls at a specific point in time is described in Type I. A service organisation’s description of controls and a comprehensive testing of a service organisation’s controls over a minimum six-month period, is detailed in Type II. The service auditor will express an opinion in a Type I report on whether a service organisation’s description of its controls is fairly presented, in all material respects, the relevant aspects of the service organisation’s controls that were in operation as at a specific date. The auditor will also have an opinion about the controls being suitable designed for achieving specified control objectives related to Sarbanes-Oxley Act of 2002.
These opinions are also expressed in a Type II report with the added opinion about whether the tested controls were operating effectively to prove reasonable assurance that during the specified period the control objectives were achieved.
About Author:
Sturat enjoys writing articles on topics like SAS 70 and SAS 70. Visit What Is SAS 70?.
Add Comment
Business Articles
1. Sus 321h Tubes With Superior Heat Resistance And StabilityAuthor: Leoscor
2. Hammock Swing Manufacturers: Delivering Comfort, Style, And Durability
Author: sarkar
3. Hammock Chair Manufacturers: Hand-crafting Quality And Stylish Comfort
Author: sarkar
4. Corporate Iban Account: Streamlining Global Payments For Enterprises
Author: finrate
5. Zoetic Bpo Services: Building Stronger Businesses Through Reliable Outsourcing
Author: kajal
6. Zoetic Bpo Services: A Reliable Name In The Bpo Industry
Author: simon
7. Improve Data Quality With Data Entry Outsourcing | Zoetic Bpo Services
Author: naina
8. 2026 Local Seo & Digital Marketing Trends: How Kondapur And Gachibowli Businesses Are Scaling Faster
Author: Sanbrains Seo
9. How Do Non-voice Bpo Projects Improve Data Management And Organization?
Author: EKAT AGARWAL
10. Understand The Connection Between Iso/iec 27001 And Iso/iec 27002
Author: Sqccertification
11. Personal Branding Or Corporate Branding: What Should Come First In 2026?
Author: Pawan Reddy
12. Reliable Long Beach Laundry Service For Busy Lives And Fresh Clothes
Author: Lucy's Laundry & Dry Cleaning
13. Tips To Find The Best Fencing Contractors In Melbourne, Australia
Author: adlerconway
14. Lucintel Forecasts The Global Pe Geomembrane Market To Reach $3,133 Million By 2035
Author: Lucintel LLC
15. The Right Summer Carpet For Us Homes: Pet-friendly Choices And Cleaning Hacks
Author: Vikram Kumar