Posts Tagged ‘sas 70 virginia’

Benefits of a SAS 70

Wednesday, June 10th, 2009

We’ve talked about SAS 70s in previous posts (What is SAS 70 and who needs it? and Types of SAS 70 Services), but where will your organization see a real benefit?

Efficiency and Cost Reduction – Your company can have one audit performed and provide one report to interested parties.  This allows your company to focus on what it does best and reduces the time required to respond to audit inquiries.

Piece of Mind – It makes good business sense to make sure you have controls in place to prevent/detect unnecessary mistakes, unauthorized transactions, unauthorized modifications to data, and fraudulent activity.  Having an independent party assess your processes and systems can provide a level of assurance that may be unattainable through self assessment.

Strengthen Existing Relationships – Customers value transparency and assurance that your processes and systems are sound.

Attract Customers – New customers want to know that they will be working with a company that has standards in place and has been reviewed by an independent party.

Differentiate from Competitors – If your company has a clean audit opinion and your competitors don’t or don’t have an audit opinion at all, you should stand out in the marketplace.

Compliance – There may be overlapping regulations that a SAS 70 may meet.  The Sarbanes Oxley Act requires your customers to have controls over financially material processes and systems. The Graham Leach Bliley Act requires financial institutions to provide security over customer information to safeguard their privacy.

Are you interested in strengthening existing relationships, attracting new customers and differentiating your company from competitors?

Do you want to reduce the time and cost of audit inquiries?

Tags: , , , , , , , ,
Posted in SAS 70 | 2 Comments »

What is a SAS 70? Who Needs a SAS 70?

Wednesday, June 10th, 2009

A SAS 70 audit report assesses the design and operating effectiveness of a service organization’s controls.  A Type I SAS 70 only assesses the design of controls.  A Type II SAS 70 assesses both the design and operating effectiveness of controls.

Consider the following scenario – Your company provides a service that may materially affect your customer’s financial statements.  Naturally, your customers, your customer’s auditors, and your potential future customers want to make sure their financial information is accurate, complete, and recorded properly.  As such, each of these parties requests to inquire or audit your processes and systems.  What a nightmare, right?

Well, that is where a SAS 70 comes in.  Since the SAS 70 audit report assesses the design and operating effectiveness of a service organization’s controls, the audit report can be provided to customers as evidence of the effectiveness of your controls.  You may not want to provide the report to potential future customers, but letting them know that you received a clean SAS 70 audit report would certainly provide them some comfort regarding your operations.

So what type of organization would need or even want a SAS 70?  Usually the following organizations would consider obtaining a SAS 70: payroll service providers, claims processors, benefits administrators, third party administrators, clearinghouses, transfer agents, trust administrators, data centers, application service providers (ASPs), and outsourced IT departments.

Here is a pretty good link that provides some more details.

Have your customers requested assurance that your processes and systems are controlled?  
Do you feel comfortable that the business processes and IT processes you have in place are controlled to prevent/detect unnecessary mistakes, unauthorized transactions, unauthorized modifications to data, and fraudulent activity?

Tags: , , , , , , ,
Posted in SAS 70 | 4 Comments »