SAS 70 audits are becoming very common in today's world. The reasons are many, but primarily it stems from the overall growth in regulatory compliance legislation, such as Sarbanes Oxley, GLBA, HIPAA, along with other state and federal compliance laws.

Important points that you need to know about SAS 70 Type I and Type II Audits are the following:

Pricing.  This is the biggest issue surrounding these audits right now. There are a number of players in the market, and, as no surprise, a number of different pricing structures out there.  Buyer beware, you get what you pay for. My advice the healthy medium-finding a national boutique firm that specializes in SAS 70 audits along with a price fee that is fair and equitable for both side.

Scope. Whoever the firm is that you choose to conduct the SAS 70 audit, make sure the scope of the audit is clearly understood and all parties involved know of their responsibilities.

Timing. What are your audits needs? when do you need the SAS 70 completed? What are the milestones and deliverables that the CPA firm is giving you? Your organization needs to discuss all these needs for ensuring a successful SAS 70 audit process.;

And hey, if you are curious as to what a final SAS 70 audit report look like, feel free to download SAS 70 sample reports from the SAS 70 Resource Guide. Have fun!