What is a SAS 70 audit?
SAS 70 is an acronym for the American Institute of Certified Public Accountants (AICPA) Statement on Auditing Standard (SAS) 70, titled Reports on the Processing of Transactions by Service Organizations. SAS 70 basically defines the rules an auditor must follow to assess the internal controls of a service organization and issue a service auditors report. The definition of a service organization is a company that processes or performs certain services or procedures on the behalf of another company. Examples of service organizations are medical claims processors, credit processing organizations, application service providers (ASPs), data centers, trust companies and accounts receivable or payable outsourcing companies.There are two levels of service for a SAS 70 audit.
A SAS 70 audit is designed to provide information and assurance about controls within a service organization to user organizations (customers) and their auditors. A SAS 70 audit is conducted in accordance with the American Institute of Certified Public Accountants (AICPA) Statement on Auditing Standard (SAS) 70 standards. SAS 70 includes the professional standards used by a service auditor to report on the processing of transactions by a service organization for use by other auditors. A service organization is an entity (or segment of an entity) that provides services to a user organization that are part of the user organization’s information system and control environment. Who Uses a SAS 70 Report? SAS 70 reports are primarily used by the service organization, its clients and the client’s auditors. The client’s auditors can use the SAS 70 to gain an understanding of the internal controls in operation at a service organization. Depending on the type of report, a client’s auditors may b
