Turkey: Training Session
Japan: Assessment Session
Tunisia: Training and Assessment
SAS 70 Assessment Services
SAS 70 has been replaced by SSAE 16 from 15 June, 2011. For more information please visit: SSAE 16 - Statements on Standards for Attestation Engagements 16.
What is SAS 70 Assessment Services?
In today's global industry economic, service organizations or service providers are required to demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers.
Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) for reporting design and operational effectiveness of a service organization's internal controls over processing transactions.
SAS No. 70 enables service organizations to disclose their control activities, their effectiveness and processes to their customers and their customers' auditors in a uniform reporting format.
So, if you are a serious IT/BPO service provider with clientele in US β give us a call so that we can help you obtain a competitive advantage to your services - by either providing you with an independent Third Party Audit Report (TPA) and / or a full fledged SAS 70 Certification
Objective of SAS 70 Assessment service
The SAS no.70 report was designed to enable user auditors to obtain an understanding of controls over activities, processes and functions performed at a service organization that are part of a user organization's information system. AICPA generally accepted auditing standards require auditors to obtain an understanding of an entity's internal control sufficient to plan the audit. This understanding should encompass controls placed in operation by the entity and by service organizations whose services are part of the entity's information system. If the user auditor determines that the service organization's controls are significant to the user's internal control, the user auditor should gain a sufficient understanding of these controls to plan the audit (as required by SAS no. 55, Consideration of Internal Control in a Financial Statement Audit, as amended.) (Note: SAS No. 55 will be superseded by a new standard in early 2006.) The user auditor can gain this understanding by performing specified procedures at the service organization, or if a service auditor's report is available, by reading the service auditor's report, the description of controls, and the results of the service auditor's procedures. The user auditor should link controls at the service organization to assertions in the user organization's financial statements. The user auditor should read the service auditor's report to make sure it addresses the controls that are relevant to the specific service provided to the user organization.
Why get a SAS 70 audit?
Some reasons that service organizations are asked to be compliant include:
Fore mostly, the principal reason is often a requirement of an organization seeking to outsource their critical business functions to service firms. But underneath their requested audit, recent legislated rulings, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Gramm-Leach-Bliley Act of 1999, and most notably, the Sarbanes-Oxley Act of 2002 (SOX) have advocated protection of privacy, corporate accountability, and establishment of internal controls throughout organizations. Thus, a need was created in many industries for a due diligence process that can aggregate many of the principles found within these three acts and provide companies with a high level of assurance and confidence when using service organizations for outsourcing critical business functions.
Moreover, advances in technology utilized in nearly all significant business activity has raised the need for watchful oversight and accountability around many of these information systems. Many transaction processing activities undertaken by today's businesses have two common traits: they are assisted or conducted primarily by means of technology and they have internal controls built in and around them for ensuring their success.
While the AICPA's Statement on Auditing Standards No. 70 was not designed as a technology audit, it has become an effective compliance tool for examining and testing a service organization's information system and its related internal controls.
SAS 70 Assessment Service Methodology
Our Methodology of SAS 70 Assessment is as follows:-
Focus to achieve SAS 70 compliance in 06 to 12 months period of time.
For detail information visits the following Audit patterns:-
Benefits of SAS 70 Assessment Service
A SAS 70 audit offers many potential benefits to service organizations. We have found that some clients indicate such benefits as the following:
How can DQS help with your SAS 70 Assessment?
Our Methodology of Assessment is Plan, Audit, Execute and Manage.
Please feel free to contact us. We are looking forward to hearing from you!
Please note: Email communication would be preferred mode of communication.
Disclaimer: Consulting and other specialized assessments services are provided through a separate legal entity in order to have full compliance to the broader principles of conflict of interest & specifically in compliance to ISO 17021 and SEI Conflict of Interest Policy.