SAS 70 Compliance
The Statement on Auditing Standards 70, known as SAS 70, is an auditing standard, officially titled “Reports on the Processing of Transactions by Service Organizations.” It was created by the American Institute of Certified Public Accountants (AICPA). SAS 70 is recognized worldwide as a standard of quality for service organizations.
SAS 70 provides standards for internal controls and the issuance of a service auditor’s internal control report for organizations such as insurance companies, trust companies, data hosting companies, and medical claims companies. A service company may provide outsourcing services that impact the control environment of its customers. It is vital for a customer of a service organization to have a reliable statement on the management of its controls and quality assurance from its service company.
There are two types of service auditor reports:
• Type I SAS-70 reports state the proper design of all relevant controls. A Type I certification is the most basic certification.
• Type II SAS-70 reports not only state the proper design, but also state that all controls are operating effectively. The Type II certification is the most advanced SAS-70 certification.
BWise provides a comprehensive, web-based and integrated GRC solution that enables service organizations to plan and create Type I or Type II service auditor’s internal control reports.
Best practice for SAS 70 compliance
BWise Governance, Risk and Compliance (GRC) management software enables the design and arrangement of internal controls and their assessment as required by SAS 70. Specifically, BWise has developed a best practice approach to SAS 70. It allows internal controls and their framework to be setup, those controls to be regularly tested and any associated risks to be found.
More information
'Legal and Regulatory Compliance Only the Tip of the GRC Iceberg'