SAS-70 Audit Coverage
View PDF | Print View
by: ccruiserboyy
Total views: 27
Word Count: 314
The entire of organization of the service provider is not covered under as SAS-70 audit. Only those departments which are directly handling the data belonging to a customer user organization are required to be covered under the SAS-70 Audit. The SAS-70 audit has to focus only on these portions of the service organizations and the service auditor’s reports are usually customized to describe and identify its coverage under such circumstances. The audit report must specify the areas covered under the audit process. A as SAS-70 audit is concerned in only reporting the effectiveness and adequacy of internal controls and procedures in relation to the handling of the data belonging to the customer. Some internal controls may be connected indirectly to handling of the customer’s data like the Human resources controls may also be taken up for reporting by the Auditor in a SAS-70 audit.
On the conclusion of the SAS 70 assignment, the auditor will make a Service Auditor's Report. This audit reports is then forwarded to the service organization for its distribution to user organizations and the financial auditors of the user. The user organizations are normally responsible for procuring the audit report from concerned service organization which handles their data and then forwarding it to their auditors.
As the Service Auditors report is a confidential document the auditor must issue specific guidelines to the service organization as to how to use the service audit report and to whom the audit report can be forwarded to. These guidelines should be a part of the audit engagement letter and restriction if any on distributions should be discussed before acceptance of the audit assignment. In case a user organization has come to know that a service audit has been completed at a service organization, it has the right to demand a copy of the same and also give a copy to its auditors as well.
About the Author
Robby Goodman writes for System Disk on topics such as iPhone: Changing Mobile World, Changing Lives and Technology Source Effect: Involvement Visit SAS-70 Audit Coverage.
Rating: Not yet rated
