Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Should prewritten audit workprograms be used to perform portions of a SAS 70 audit?

audit perform portions prewritten SAS Used
0
Posted

Should prewritten audit workprograms be used to perform portions of a SAS 70 audit?

0 CommentsAdd a Comment

1 Answer

0

Generally speaking, prewritten audit workprograms should not be used to perform portions of a SAS 70 audit. SAS 70 audits are customized based on the controls implemented by the service organization. Since service organizations controls vary substantially, prewritten audit workprograms are of very little use as it relates to auditing a service organization. Our company has consulted with multiple service organizations that received testing exceptions in their SAS 70 audit report because they did not comply with an audit firm’s generic audit workprogram. This essentially means that the audit firm held the service organization accountable for controls that it never claimed to have implemented. Unfortunately, the management of these service organizations was not aware that the audit firms’ methodology was flawed and testing exceptions were disclosed to user organizations that should have never been included in the SAS 70 audit report. This issue is one of the primary reasons that service

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123