Who does SAS-70 Audit
Only an independent certified public accountant (CPA) or firms of CPAs are allowed under the US regulations to conduct the SAS-70 audit. While performing the SAS-70 audit the CPA/CPA forms must ensure that they follow the strict specific standard enforced by the American Institute of Certified Public Accountants (AICPA). The CPA/CPA firms are obliged to follow the guidelines issued by the AICPA in respect of planning and execution and thereafter supervision of the auditing procedures to be followed. The reporting standards enshrined in SAS-70 needs to be followed very strictly. This is to ensure professional competence while conducting the audit and adhering to the set standards of audit. There is a provision of peer review where another independent CPA/CPA firm undertakes a peer reviews as per AICPA guidelines to ensure the service organization’s service audit has been completed in compliance to the applicable and established professional standards. The auditing practices and standards vary form state to state as per the requirements of the governing state board or any other governing body as the case may be.
Exams with Life Time Access Membership at http://www.actualkey.com
The CPA/CPA firm is allowed to employ other professionals who are not CPA but who have relevant expertise in information technology, or business process unique to the service organization, or the security skills for conducting and undertaking a SAS-70 audit assignment. The final report is to be issued and delivered by the concerned CPA only as other CPA may plan to rely on the service auditors reports on the internal controls of the Service organization. These is no specific list of SAS-70 auditors in the country, however you can start with a CPA firm of repute. However, while considering to appoint any SAS-70 auditor the service organization must keep in mind that the service auditor must have has sufficient experience of conducting SAS-70 audits; the relevant experience of the service auditor in the field of financial services, telecommunications, information technology and the like; Skill of the auditor in understanding the business of the service organization and the information technology used by the service organization.John King’s work can also be found on System Disc on topics such as How to Partition a Hard Drive and Technology and Lifestyle Visit Who does SAS-70 Audit.