Why a SAS-70 report is required
View PDF | Print View
by: Guest
Total views: 25
Word Count: 322
SAS-70 report is issued by a Service auditor to enable a user auditor to prepare his report on the financial statements of a user organization which is using the services of the service organization. The service organization’s disclosures as to its internal control processes and procedures in respect to the data belonging to the user organization. The service auditors report under SAS-70 must give his honest opinion on the effectiveness and adequacy of the internal controls disclosed by the service organizations.
Service organizations are usually providers of services like application services providers, claims processing centers, trust department, data centers, data processing services, transcription services, third party administrators etc. The user auditor while undertaking the audit of any user organizations needs to obtain the understandings about the internal controls in vogue as per the requirement of SAS No. 55 issued by the AICPA while preparation of his report on the financial health of the user organization. Sarbanes-Oxley Act section 404 also requires the organizations to disclose their internal controls policies and procedures whether adequate or not to fulfill their obligations under the law.
When a portion of the user organizations working data is being handled by another service provided the requirements of SAS-70 come into play and the user auditors requires as report under SAS-70 from the service auditors of the service organization so that they on relying on such report can prepare their own reports and complete their audit assignments. The user auditor needs to identify and evaluate relevant internal controls is usually an important step in his overall audit approach. In cases where a service organization is providing transaction processing, IT infrastructure, data hosting or any other data processing services to any user organization, then the auditor of the user organization may need to gain an in depth understanding of the internal controls in use at the service organization which enable them to properly plan their audit and evaluate the control risk.
About the Author
Jeff Key also writes for System Disc on topics such as What Is FQDN and ERP Visit Why a SAS-70 report is required.
Rating: Not yet rated
