Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Where do service organizations begin if they’ve never had a SAS 70 audit?

audit Organizations SAS service
0
10 Posted

Where do service organizations begin if they’ve never had a SAS 70 audit?

0 CommentsAdd a Comment

1 Answer

0
10

Service organizations that have never had a SAS 70 audit usually start off with a pre-assessment consulting engagement. The pre-assessment is designed to determine whether the existing control environment is robust enough to pass the suitably designed component of the auditor’s opinion. Two key components of the pre-assessment include documenting descriptions of the internal controls and identifying control deficiencies. Since many organizations lack extensive written policies and procedures, this is not a trivial task and is typically the most time consuming and expensive part of the SAS 70 audit. Service organizations with a control framework have an advantage because in many cases, it provides the process and control documentation necessary to minimize the effort often required in the pre-assessment phase.

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123