SAS 70 Audits

What is a SAS 70 Audit?

A Statement on Auditing Standards No. 70, more commonly known as a SAS 70 Audit, is an audit standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 Audit provides an independent, objective analysis and reporting on the design, implementation and operating effectiveness of the controls and processes performed within a service organization.

Some examples of service organizations include insurance and medical claim processors, payroll companies, 401(k) administration, inventory storage facilities, freight payment companies, software developers and vendors and asset investment services.

The SAS 70 Audit is highly regarded due to the fact that a favorable opinion demonstrates that an organization has withstood a stringent audit of their internal controls. In today’s environment it is important that a service provider have strict controls over their information technology in order to safeguard information and data belonging to their customers.

Upon completion of a SAS 70 Audit, a Service Auditors’ Reports is presented to the service provider which contains the service auditors’ opinion. The Service Auditors’ Report provides a single source of standardized information to the service provider. It discloses information pertaining to internal control activities and processes to customers, and is valuable marketing tool to present for potential customers or investors.

There are five main elements of a SAS 70 Audit:

• Risk Assessment
• Control Environment
• Control Activities
• Information and Communication
• Monitoring

By completing a SAS 70 Audit an organization demonstrates to current and potential customers that they are delivering a secure, reliable, effective operating environment with proper controls in place.

For more information regarding SAS 70 Audits please contact one of our auditors.

 AgeeFisherBarrett, LLC is a member of:
AICPA, PCAOB, GSCPA, LISA, ISACA , SOFE

For a free consultation call (404) 250-4570