As security is such a major theme on the Act, many organizations are using the international ISO standards. The ISO 27001 Portal outlines these. A copy of the standards, and security policies, can be obtained via the ISO 17799 Toolkit.
Our server logs indicate some interesting mis-spellings: Sarbannes Oxley, Sorbane Oxley, Sarbanne Oxley, Sarbaines Oxley, Sarbanesoxley, Sorbanes Oxley, Sabanes Oxley, Sarbane Oxley, and Sarbanes Oaxley, to name but a few!
Sarbanes-Oxley Act Forum: Forums
The Sarbanes Oxley Act :: View topic - SAS70 requirements
Posted: Fri Jan 15, 2010 2:46 am Post subject: SAS70 requirements
We have received an SAS70 type II report compared to our other SAS70 report in this report the user consideration section is missing. I thought this section was a requirement for SAS70. Does anyone know whether this is a requirement or not?
Also the testing period is untill the end of november instead of december; we have requested a confirmation letter on december but the auditor told us that that's no requirement. Does anyone know whether this is a requirement or not?
My understanding is that the SAS 70 report must be completed close enough to your company's year-end that the third-party controls described in the report can be expected to remain in place at the end of your company's fiscal year.
Interesting about the absence of a User Control Considerations section. I don't believe I've run across one that didn't include that. Maybe someone else has seen this before. If it truly doesn't have this, then you may not be able to rely on the SAS 70 and may need to perform your own testing of this process.
Joined: May 26, 2008 Posts: 187 Location: Switzerland
Posted: Tue Jan 19, 2010 11:47 am Post subject: User considerations in an SAS 70 report.
You can check SAS 70 on the PCAOB website at pcaobus.org/standards/interim_standards/auditing_standards/au_324.html
Section 54 says that it should be assumed that the report contains an attachment that includes a description of the service organization's controls that may be relevant to a user organization's internal control as it relates to an audit of financial statements.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Trademarks referenced on the SOX Act Forum are property of their respective owners. Comments are property of their respective posters. Sarbanes-Oxley Act Implementation Portal: Sarbanes Oxley compliance, information, software, & internal audit committee resources. Sarbox. Site source is copyright nuke (c)2003, and is Free Software under the GNU / GPL licence agreement. All Rights Are Reserved.