Home     Stambaugh Ness PC     SN Business Solutions     Careers     eNewsletter     Events     Podcasts     More Knowledge     Contact Us      
SAS-70 Services

Recent business failures and legislation have prompted companies to take a closer look at the adequacy of their internal controls.  For companies that outsource portions of their operations to a third-party, obtaining assurance over the third-party’s controls has become a necessity.  With a SAS-70 report, service organizations can respond to the needs of their customers by providing this assurance.

 

WHAT IS SAS-70? 

SAS-70 is an international auditing standard that allows service organizations to provide written assurance regarding its internal controls in a standard report.

WHO IS IMPACTED? 

SAS is applicable when an entity uses a third-party, known as a service organization, to perform services that are a part of the entity’s information system. 

 

Examples of common service organizations include:

  • Trust departments
  • Transfer agents
  • Mortgage servicers
  • Claims processors
  • Application service providers
  • Hosted data centers

 

VALUE CONSIDERATIONS
A SAS-70 report offers service organizations an opportunity to demonstrate their commitment to effective controls to their current and future customers.  An assessment of internal controls in a SAS-70 review is also likely to identify opportunities for operational process improvements that add value to your organization.

TYPE I VS. TYPE II REPORTS 

There are two types of SAS-70 reports.  A Type I SAS-70 contains a description of the service organization's internal controls and an auditor’s evaluation of the control design.  A Type II report contains the same contents as a Type I, but also includes the results of control testing by the auditor.

PRE-ASSESSMENTS 

If you are currently considering a SAS-70 review or your customers have begun asking for a SAS-70 report, you may want to consider having Stambaugh Ness perform a pre-assessment review.  In a pre-assessment review, we will review your internal controls and help you identify and correct any control weaknesses before you incur the time and cost of a full SAS-70 audit.

OUR EXPERIENCE 

The Stambaugh Ness Risk Management team not only has experience in performing SAS-70 audits, but draws upon its collective skills and expertise in a variety of internal control disciplines to provide customized solutions and maximum value to our clients.

 

If your organization provides outsourced services and you want to gain an edge on your competition by obtaining written assurance for your internal controls, contact a member of the Stambaugh Ness Risk Management Team today.

 

Return to Risk Advisory and Outsourced Audit Services Page

 

Are you getting all of the timely and useful information you need? Sign up now for our weekly eNewsletter.