Sas 70 and SOX 2320
uscpa last edited by
I am a new cpa and just started a job . I know the question i am going to ask might be a silly one but i am really confused and would love to have someone clarify me that.
What exactly is the difference in SAS 70 report and Sox report. I know SAS 70 is issued by the service organiztions to their user organization, the only thing bothering me is, in both the cases ( SAS 70 and SOX ) an auditor havs to look for IC. So why to do it differently ?
Can someone please reply.
Denis last edited by
This is pretty well covered elsewhere in this forum, try searching for SAS70 and if you have further questions after that I’d be abhappy to answer them
harrywaldron last edited by
Hi and welcome to forums
As Denis notes SAS 70 is often discussed. Briefly, SAS-70 are desirable security and control standards pertinent for service organizations, while SOX are mandatory financial control standards for publicly listed companies on the US stock exchanges. It should be noted that some companies might comply with both (as our company does).
These links might also help (please copy to browser):