Statement on Auditing Standards (SAS) No. 70, Service Organizations, is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). In today’s governance-focused world, service-based businesses need to provide evidence of strong internal controls before a prospective business may engage or outsource with them. A service auditor’s examination performed in accordance with SAS No. 70 (also commonly referred to as a “SAS 70 Audit”) is widely recognized, because it represents that a service organization has been through an in-depth audit of their control objectives and control activities, which often include controls over information technology and related processes.
In today’s global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers. In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting.
Though many companies have sufficient internal controls, they may not fully understand the formal requirements to comply with the Statement on Auditing Standards (SAS) No. 70, Service Organizations. The SAS 70 team at Iyer Associates can put you in a position of strength. We understand that compliance is only sustainable when it fits realistically with the needs of the organization. Our efficient customized work programs are designed to fit your business model, so you can develop realistic and sustainable best-practice methodologies.
We provide services which include Pre-SAS 70 assessments of your business, as well as Type I and Type II SAS 70 audits and post-audit program implementation.