SAS 70 from you as an auditor 157

  • There is no problem to get SAS-70 from the same Firm.
    The nature of SAS-70 is an audit from auditors to auditors. It means that some auditor did the tests of controls and you can relay on him. If the service provider doesn’t have SAS70, the auditor of each of his clients would have to test and check the exsistence of controls - the SAS-70 enable for every one to rely on it.
    Of course, if you (or your firm ) did the tests you can rely on it…

  • This post is deleted!

  • If you have to get a SAS-70 you should request a Type II SAS-70. That is not only the Audit Report. IT also includes the test of the controls audited and the outcome of the tests. This is more convienient for SOX purposes. You still want to make sure that the report contains the controls you need for your processes. A additional topic is that the PCAOB still is not comfortable the auditor issueing the report and the auditor of the requesting company (finally giving a SOX Statement) is the same. They still see some indepence issues.

Log in to reply