Sas 70 and SOX 2320

  • Hi friends,
    I am a new cpa and just started a job šŸ˜„ . I know the question i am going to ask might be a silly one but i am really confused and would love to have someone clarify me that.
    What exactly is the difference in SAS 70 report and Sox report. I know SAS 70 is issued by the service organiztions to their user organization, the only thing bothering me is, in both the cases ( SAS 70 and SOX ) an auditor havs to look for IC. So why to do it differently ?
    Can someone please reply.

  • This is pretty well covered elsewhere in this forum, try searching for SAS70 and if you have further questions after that Iā€™d be abhappy to answer them

  • Hi and welcome to forums šŸ™‚
    As Denis notes SAS 70 is often discussed. Briefly, SAS-70 are desirable security and control standards pertinent for service organizations, while SOX are mandatory financial control standards for publicly listed companies on the US stock exchanges. It should be noted that some companies might comply with both (as our company does).
    These links might also help (please copy to browser):

Log in to reply