SAS 70 Audit Checklist | Tips on Preparing for a Type I or Type II SAS 70 Audit

A SAS 70 checklist can be a valuable tool for helping prepare for a SAS 70 Type I or Type II audit. Audit scope can and should be determined while you are conversing with CPA firms for proposal submissions. The more you and the CPA firms that are proposing know and have an understanding about what the actual scope of the audit will be, the better you will be able to compare fee proposals between each firm, while also giving your organization a "heads up" on just what to expect during the audit. In short, you need a SAS 70 checklist to help undertake scoping.

To a large degree, scope dictates SAS 70 pricing and that's why a SAS 70 checklist for properly scoping the audit is essential. Use this helpful list for determining SAS 70 scope.

SAS 70 checklist

  • Discuss with user organization what their requirements for the audit are. Are they just demanding you undertake a general controls audit or are there specific business processes that need to be included in the SAS 70 audit. Since they are the entity requiring you to be SAS 70 compliant, they should have a strong voice on what the scope is of the SAS 70 audit.
  • Once this has been determined, discuss this with all CPA firms that are proposing on the SAS 70 Type I or Type II audit. Make them aware of the scope requirements and also make them document it in their proposal that the SAS 70 audit is only a general controls audit or an audit that also includes specific scope/business process requirements.
  • Testing Locations and Parameters-Once the audit scope has been determined, make sure that all proposals include a discussion of what physical locations (if you have more than one location) will be included in the scope of the audit and how many visits will be required.
  • If a SAS 70 Type II audit is being performed, be sure to discuss the length of the testing period. Generally speaking, six (6) to 12 (months) is the standard test period window, but some audits can have a smaller test period based on extenuating circumstances. Generally, the longer the test period, the more sampling has to be done, thus, the more expensive the SAS 70 audit may be. Thus, make sure the proposal details what the test period is.
About the Author:

Charles Denyer has expertise in the following areas: SAS 70 audits (www.sas70.us.com), PCI DSS compliance (www.pciassessment.org) and Regulation AB Item 1122/1123 compliance, Sarbanes-Oxley compliance.Mr. Denyer also has a keen understanding and sound interpretation of all compliance rulings/regulations and associated standards/frameworks/methodologies used for auditing and risk assurance compliance:GLBA, Sarbanes-Oxley, HIPAA, FISMA, FFIEC, COBIT, COSO, ISO 27001. Payment Card Industry Compliance, Securities Compliance (Regulation AB-1122/1123).Additionally, advanced search engine optimization (SEO) and online viral marketing expert.

Article Source: ArticlesBase.com - SAS 70 Audit Checklist | Tips on Preparing for a Type I or Type II SAS 70 Audit

Cpa, Type II, Type I, SAS 70 Pricing, SAS 70 Audit Checklist, Test Period, Charles Denyer