Statement on Auditing Standards (SAS) No. 70, Service Organizations, is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). Service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers.
- The issuance of a service auditor’s report prepared in accordance with SAS No. 70 signifies that a service organization has had its control objectives and control activities examined by an independent accounting and auditing firm.
- SAS No. 70 provides guidance to enable an independent auditor (“service auditor”) to issue an opinion on a service organization’s description of controls through a Service Auditor’s Report.
- SAS No. 70 is generally applicable when an independent auditor (“user auditor”) is planning the financial statement audit of an entity (“user organization”) that obtains services from another organization (“service organization”).
In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting.
Source: http://www.sas70.com
