SAS 70

SAS 70 provides independent third party verification by licensed CPA firms. Each SAS 70 audit is customized to meet the needs of the organization undergoing the audit. The focus of the audit is the specific nature and extent of the control objectives as defined by the organization. Control objectives are often the results of reviewing contracts and service level agreements.

SAS 70 (also defined as the “Statement on Auditing Standards No. 70"), represents the standards by which auditors are required to follow when assessing and auditing the contracted internal controls of a service organization. Service organizations, provide outsourcing services which directly affect the operation of contracting enterprises. The SAS 70 was developed by the American Institute of Certified Public Accountants (AICPA) as a summarization of criteria required for auditing standards as originally defined in 1988.

Under SAS 70, auditors reports are considered as either Type I or Type II. With Type I style reports, (also know as Report on Controls Placed in Operation), the auditor evaluates the efforts of a service organization in order to prevent accounting errors. Type I reports provide organizations and auditors with the necessary information regarding the current controls in place. These efforts generally produce the desired future results.

With Type II style reports, the same information as in Type I reports is included, along with the auditor’s attempt to determine which agreed-on controls are functioning properly and effectively and which require attention. The reports cover from the time they were implemented to the present.

For more information on SAS 70 read: