SAS 70 AUDITS - INDEPENDENT SERVICE AUDITOR'S REPORT
In today's global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when hosting or processing data belonging to their customers. In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002, Government Auditing Standards under Office of Management and Budget (OMB) Circular A-123, and the Defense Contract Audit Agency (DCAA) Audit Guidelines make SAS 70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting.
An auditor's examination performed in accordance with SAS No. 70 ("SAS 70 Audit") is widely recognized as a “best practice” as it represents that a service organization has been through an audit of their control objectives and control activities, which often includes controls over information technology and related processes.
Battelle & Battelle LLP has extensive experience evaluating controls for third-party service organizations and can assist in providing assurance to customers that you have capability maturity.
Service organizations that perform outsourcing services on behalf of their customers should have a SAS 70 audit. Examples of these organizations include:
• Payroll Processors
• Third-Party Administrators (TPAs)
• Bank Trust Departments
• Insurance Company Trust Departments
• Transfer Agents
• Custodians
• Investment Company Recordkeepers
• Mortgage Services or Depository Institutions that Service Loans for others
• Payment Processors
• Internet Service Providers, Web Hosting Service Providers
We can assist your organization in the following areas:
SAS 70 Readiness Engagement – Designed to identify controls that should to be implemented or improved prior to an actual audit, including the design and implementation of controls, control objectives, and control activities related to the relevant assertion levels.
SAS 70 Type I - Provides independent third-party verification as to whether control activities described by a service organization were suitably designed to meet specified control objectives and whether the controls were in place as of a specified review date.
SAS 70 Type II – Provides independent third-party verification as to whether control activities described by a service organization were suitably designed to meet specified control objectives and were in place and operating effectively over a period of time that is typically at least a six month period.
