|
Statement on Auditing Standards (SAS) 70 Type I and II
The Statement on Auditing Standards Number 70 (SAS 70) is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). SAS 70 audits are an in depth process audit of a service provider environment, including controls and safeguards over their networking, financial, and related business processes when they host or process data belonging to their customers.
Can T3i provide an official SAS 70 Certification?
Yes – In partnership with a Qualified CPA firm. T3i works with many local and national CPA’s as a cost-effective auditing resource. T3i supports the CPA by providing high quality technical expertise with the Information Systems (Network, technology, policies and procedures) that support our clients’ financial reporting process. Traditional accounting work, oversight and management of the SAS 70 engagement and issuance of the Service Auditor’s Report would be handled by the CPA firm.
Why is the cost of a SAS 70 through T3i so low?
Low Overhead: Unlike the Big Four and other large firms with multinational offices, thousands of employees and high expenses, T3i’s operations are centralized and focused solely on providing credible and cost-effective information security expertise.
Market Perception: The current perception is that a SAS 70 from any auditor other than a nationally recognized firm is unacceptable. – Not True. The only requirement is that the “Auditor of Record” must be a qualified CPA firm registered with the AICPA.
Are there alternatives to the SAS 70?
In some cases yes. Depending upon the business drivers behind the desire to obtain a “ widely accepted” security related certification and the nature of the relationship between the service provider and their clients, an ISO 27001 (17799) Certification from a 3rd party auditor may be acceptable. Achieving ISO 27001certification is similar to a SAS 70 audit in that an independent audit must be conducted by an internationally recognized accreditation body (Registrar). Although these alternatives are generally more cost effective, the final determination of what is and is not acceptable audit criteria is left to the sole discretion of your client’s executive management team. How can I learn more or get a SAS 70 proposal?
Please contact our SAS 70 Engagement Manager – Mark Reedy at PH: 678-845-0209 x201 or
Or visit our SAS 70 Frequently Asked Questions page.
| 
