SAS 70 Definition for Type I and Type II Audits
| posted by charles denyerStatement on Auditing Standards No. 70, know to many as SAS
70, was pronounced in 1992 by the AICPA as an auditing standard use to report on controls
placed in operation, if a SAS 70 Type I audit is being conducted. For Type II
audit, the official jargon is the report on controls placed in operation and
tests of operating effectiveness. Thus, the main difference is the testing
period that is mandatory for a SAS 70 Type II audit. It should also be noted
that Type I audits do not suffice for regulatory requirements, such as section
404 of the Sarbanes-Oxley Act; thus, you must have a Type II audit completed.
Additionally, because SAS 70 type II test periods can vary, it''s quite important that you discuss the testing period with your auditors. Why? The longer the test period, the more testing that has to be conducted-ultimately, more money out of your pocket.
To learn more about what is SAS 70, visit the official SAS
70 Resource Guide.
