SAS 70 Control Objectives | Expert Advice from a SAS 70 Auditor

By Charles Denyer | 04-01-2009 | 3:32 PM
This blog is written by a member of our blogging community and expresses that member's views alone.

SAS 70 control objectives are essentially the statements and assertions that your organization is adhering to for purposes of a SAS 70 audit. In simpler terms, they are the cornerstone of the audit and help frame the overall auditing process that is undertaken. Thus, whatever your control objective states, your organization should be able to prove that very assertion.

A number of best-of-breed, predefined control objectives are currently utilized by CPA firms that conduct SAS 70 audits. Sure, they may differ in how they are actually stated, but in reality, they "should" be similar in application.

Most SAS 70 control objectives are developed collaboratively by the CPA firm conducting the audit and the service organization (your company) that is undergoing an actual SAS 70 Type I or Type II audit. Technically speaking, however, the auditing standard calls for the service organization to develop them. This can sometimes pose a problem, as many companies are unsure where to start or even what a SAS 70 control objective really is. Add to that the fact that if your organization has a requirement to test specific "controls", you will have to develop customized control objectives that are applicable to these very requirements.

You can obtain a sample SAS 70 audit report, which will give you an excellent example of SAS 70 control objectives.