This guides CPAs on reporting a service organization's internal controls and using a service auditor's report. The AICPA SAS 70 standard requires a significant amount of professional judgment and skill in the process of preparing the SAS 70 report.SAS No. 70: Service Reporting
The controls your company deploys for SAS 70 need to cost-effectively mitigate relevant financial technology risks.
A SAS 70 audit is the most widely recognized independent attestation report on internal controls of a third party service provider. This report provides an assessment of the safeguards over your managed data, related business and IT processes. A SAS 70 report, however, can also offer you the opportunity to highlight your strengths and market them to your clients and partners, backed up with the authority of this well-respected CPA certification.
The professionals in EisnerAmper's Technology Audit & Advisory Group have significant experience in performing SAS 70 audits for a wide range of service providers in many different industries. Furthermore, as a CPA firm that depends on SAS 70 audits for the financial audits of many of our clients, our team has a strong understanding of the expectations and needs of your clients, as well as those of their auditors and compliance regulators. We use these valuable perspectives to provide both Type I and Type II SAS 70 audits, as well as prepare prospective SAS 70 candidates for their SAS 70 review.
We have developed a streamlined process to prepare you and take you through a SAS 70 audit as efficiently and effectively as possible – minimizing disruptions and demands on your personnel, meeting tight timelines and providing the highest quality deliverables. Our risk-based approach addresses the requirement that the report meets your client’s needs and those of their auditors; and most importantly of all, that the controls your company institutionalizes, as part of this process, make good business sense.
Search SAS 70 articles