RSS
Password?  |  Sign Up

  • Technology
  • Design
  • Ethonomics
  • Magazine
Leadership Community Jobs

FC Member Blog

SAS 70 Audits | Advice on Scoping for Type I or Type II SAS 70 Compliance

BY charles denyerFri May 15, 2009 at 3:34 PM
This blog is written by a member of our blogging community and expresses that member's views alone.
SAS 70 Audit Scope: Important Tips.

Normal
0

false
false
false

EN-US
X-NONE
X-NONE

MicrosoftInternetExplorer4

Normal
0

false
false
false

EN-US
X-NONE
X-NONE

MicrosoftInternetExplorer4

Defining scope for a SAS 70 audit is fundamentally one of the most important
activities to be undertaken for the audit itself.  What's more, it’s a
collaborative process that is driven by your organization and the external CPA
firm conducting the SAS 70 audit. 

So, with that said, here are some of the finer points you need to identify
and discuss regarding SAS 70 audit scope:

1.  If a SAS 70 Type II audit is to be performed, identify the test
period (e.g. 6 months, 10 months, 12 months)

2. Identify all physical locations that will have to be visited for
fieldwork for the SAS 70 audit.

3. Identify all outsourcing providers that YOUR organization uses, as they may
be impacted and brought into the scope of the actual audit. Discus these vendors
with the CPA firm conducting the audit. Note: Data centers and managed service
providers are common entities that often fall into the scope of a SAS 70 audit,
so if you are using this type of facility, inform the auditors.

4. Identify and discuss the auditor's testing methodology; that is, how is
population and sampling arrived at, what frameworks and benchmarks/standards
are the auditors employing and what constitutes and "exception" in
the eyes of the auditing firm for purposes of the SAS 70 audit.

5. Discuss billing and pricing for the SAS 70 audit. Are you getting a fixed fee for the audit or
is it hourly? If a fixed fee, are there any other expenses that may also be
incurred outside of the fixed fee?

Topics:

Innovation, Technology, Leadership, Management, sas 70, Type I, SAS 70 Type II, cost sas 70 audit, Charles Denyer, CPA, , Design, Visual Arts, Graphic Design


Sign in or register to comment.
or

Recent Comments | 2 Total

May 15, 2009 at 3:35pm by charles denyer

great blog on sas 70

Report Content

June 1, 2009 at 4:36pm by Andrea Kelly

I couldn’t agree more - we’re the largest data center operator in Michigan - and see SAS 70 as a critical requirement for a number of clients - whether they are publicly held companies or serving publicly held customers.
Recently published 5 tips on surviving SAS 70 (http://www.onlinetech.com/resources/enews/marchenews) which explains the lengthy and time consuming process to do a SAS 70 audit. The good news is that with strong SAS 70 audited colocation providers, much of the audit process can be taken off the plate for clients

Report Content