SAS No. 70: Service Organization Reporting

SAS No. 70 Service Organization Reporting guides CPAs on reporting a service organization's internal controls and using a service auditor's report.

The AICPA SAS No. 70 standard requires a significant amount of professional judgment and skill in the process of preparing the SAS 70 report.

SAS No. 70: Service Reporting
Type I and Type II reports
Understanding of internal controls
Risk assessment

The controls your company deploys for SAS 70 need to cost-effectively mitigate relevant financial technology risks.

SAS 70 Articles
  • Don't Get Surprised by a Surprise Custody Examination
  • SAS 70 Overview and Planning Guide For Third Party Administrators
  • SAS 70 and SysTrust Comparison

    • [view all SAS 70 articles]


    Amper is one of the largest independent CPA, accounting, tax preparation, and auditing firms in the New Jersey, Pennsylvania and New York region.


    search  

    Internal Audit Services
    Technology Risk Services
    IT Risk Management

    SOX IT Preparation & Audit

    SAS No. 70 Services

    IT Governance

    Disaster Recovery Planning

    Security & Privacy

    SysTrust©

    IT Forensics
    Compliance Services
    Business Process Improvement
    SAS No. 70: Service Organization Reporting

    Not all SAS70 Reports are created equally

    The AICPA SAS No. 70 standard requires a significant amount of professional judgment and skill in the process of preparing the SAS 70 report. As you consider this, keep in mind that:

    1. The process of preparing the SAS 70 report requires participation from key personnel in your organization; therefore it is critical that their limited time be used very wisely.
    2. The SAS 70 report is specifically designed to your organization to reflect the unique nature of your relationship to your clients and their control dependencies. The controls your company deploys for SAS 70 need to cost-effectively mitigate relevant financial technology risks.
    3. The SAS 70 report is only as good as the confidence it evokes when reviewed by your clients and your client's auditors
      4. .

    So as you identify the CPA firm that will guide your company through this and prepare your SAS 70 report, we encourage your company to partner with a CPA firm that:

    Has a long history of providing accurate guidance on the subject of financial and technology controls,

    Has the expertise and skills to execute the SAS 70 report efficiently and in a manner that presents the condition of your company’s controls most-effectively to your clients and their auditors.

    Amper has guided many service providers in many industries in the preparation of Type I and Type II SAS 70 Reports. Our risk-based approach to reports helps ensure that the report meets your client’s needs; the need of their auditors, and most importantly of all, that the controls your company institutionalizes, as part of this process, make good business sense.

    Important Note: Many service providers provide IT related services that while critical to their clients, fall outside of the scope and purpose of the SAS No. 70 report. Many of these service providers have determined that they and their clients can benefit from preparation of a Trust Services SysTrust© Report, which is alternative attestation report the provider can use to provide their clients and prospects.

    Contact: Elliott Roth and Torpey J. White


    Contact Us            Locations & Directions        Site Map
    Amper, Politziner & Mattia, LLP is now EisnerAmper LLP   •  1-866-99-AMPER  •  info@amper.com
    web site design and online marketing solutions by Set Now Solutions