Wednesday, June 18, 2008

SAS 70

I am currently engaged in a SAS 70 audit for a financial services firm. SAS 70 audits have become much more popular with Sarbanes-Oxley requirements. I like SAS 70 because it is not prescriptive. You merely say what you do and do what you say. This is, of course, hard to do consistently but it is a good goal to shoot for.

1 comment:

SAS70ExPERT@gmail.com said...

SAS70 can be a very successful audit. Things to consider are:
1) What is your objective of performing the Audit? Is it a customer requirement or are you trying to improve your internal controls? Set these goals and objectives prior to performing the audit. This will determine the level of skill required to perform the audit and determine the value you want to receive from the audit process.
2) Choose an experienced auditor who has performed many SAS70 audits. They will guide you through the process efficiently and effectively so that the most relevant controls are tested. In addition, they will provide you with management recommendations to improve your controls and make sure that the users of the SAS70 audit are provided with the necessary assurance that your Company is performing exceptionally well.
3) Finally, a good auditor will tell you that the SAS70 standard is based on ISO, COBIT and ITIL. A SAS70 incorporates all of these standards. An experienced SAS70 auditor will evaluate your Company based on these standards and only test those that are necessary and of highest risk. A SAS70 audit is comprehensive and may provide good value with planning and experienced auditors. SAS70ExPERT@gmail.com