AuditNet® Audit-library::Sas-70-resources-for-auditors
SAS 70 is an acronym for the American Institute of Certified Public Accountants (AICPA) Statement on Auditing Standard (SAS) 70, titled “Reports on the Processing of Transactions by Service Organizations”. SAS 70 defines the professional standards used by a service auditor to assess the internal controls of a service organization and issue a service auditor’s report. Service organizations are typically entities that provide outsourcing services that impact the control environment of their customers. Examples of service organizations are insurance and medical claims processors, trust companies, hosted data centers, application service providers (ASPs), managed security providers, credit processing organizations and clearinghouses.
There are two types of service auditor reports. A Type 1 service auditor’s report includes the service auditor's opinion on the fairness of the presentation of the service organization's description of controls that had been placed in operation and the suitability of the design of the controls to achieve the specified control objectives. A Type 2 service auditor’s report includes the information contained in a Type 1 service auditor's report and also includes the service auditor's opinion on whether the specific controls were operating effectively during the period under review.
from SAS 70 Solutions.com
|
RESOURCES |
DESCRIPTION |
|
Website where customers can purchase a copy of the SAS 70 standard, current SAS 70 audit guide (which includes a complete copy of the standard), and related SAS 70 materials. |
|
|
Glossary of Terms |
A complete list of the most commonly used SAS 70 audit terms. |
|
FREQUENTLY ASKED QUESTIONS (FAQs) |
An collection of the most commonly asked questions regarding SAS 70 audits. |
|
SAMPLE DOCUMENTS VENDOR |
Vendor Interview Questionnaire SAS 70 Audit Request for Proposal Tool |
|
SAMPLE DOCUMENTS TYPE 1 |
SAS 70 Audit Request for Proposal Tool Sample Type 1 SAS 70 audit opinion letter Type 1 Opinion Letter Demonstrating the Inclusive method Type 1 Opinion Letter Demonstrating the Carve Out Method Sample Type 1 SAS 70 audit management representation letter |
|
SAMPLE DOCUMENTS TYPE 2 |
Sample Type 2 SAS 70 audit opinion letter Type 2 Opinion Letter Demonstrating the Inclusive method Type 2 Opinion Letter Demonstrating the Carve Out Method Sample Type 2 SAS 70 audit management representation letter |
|
QUALIFIED OPINION EXAMPLES |
Fairness of presentation Suitability of Design Operating Effectiveness |
|
INDUSTRY LEADING VENDORS |
SAS 70 Solutions PriceWaterhouseCoopers |
|
MISCELLANEOUS WEBSITE LINKS |
A SAS 70 Auditor’s Response to the Critics White paper exposing common errors and misconceptions regarding SAS 70 audits. www.sas70.com Website maintained by an Ernst & Young partner that is designed to provide SAS 70 background information and garner sales leads. http://www.polarcove.com Article containing SAS 70 overview and planning information. www.CSOonline.com CSO.com article regarding SAS 70 audits. |
SAS70 Solutions firm specializing SAS 70 audit services provides resources and tools for auditors.
SAS 70 Article from the security officers perspective
SAS 70 Articles and Whitepapers
SAS 70 Overview and Planning Guide
Audit Documents
-
SAS 70 Evaluation Checklist (Apr 06)
-
SAS 70 Evaluation Guidance (Apr 06)
-
SAS-70 Review (Oct 05)
-
SAS 70 Type 1 Fraud Assessment Template (July 05)
-
SAS 70 Type 2 Fraud Assessment Template (July 05)
-
SAS 70 Type 2 Internal Control Evaluation Checklist PDF
-
SAS 70 Type 2 Internal Control Evaluation Checklist Excel
