A service provider can do many things to prepare for a SAS 70 audit engagement. Defining control objectives and identifying related control activities is an important step in the SAS 70 audit process. Many service providers will engage a professional services firm with a background in both financial auditing and IT auditing to assist with drafting the control objectives and evaluating the existing control activities. This allows the service provider to determine if any improvements need to be made with respect to the control environment prior to the start of the actual SAS 70 audit.

If the service provider has an internal audit department, the internal auditors could also assist with developing the control objectives and documenting the related control activities. Internal audit can also periodically evaluate and test some of the controls that may be tested as part of the SAS 70 audit to determine if improvements need to be made.

If you need further information, contact us.

Comments are closed
Arelyn commented on 27-May-2011 09:54 AM
First, I want to apologyze because of all the grammar errors, but I am from peru and I need information about SAS 70. I would like to know, if these all 5 five components must be adressed. Furthermore, I would like to know and understand what about the
applications developement and maintance, is this a control too? how it would be evaluate?