SAS No. 70: Service Organization Reporting

SAS No. 70 Service Organization Reporting guides CPAs on reporting a service organization's internal controls and using a service auditor's report.

SAS No. 70: Service Reporting
• Type I report
• Type II report
Understanding of internal controls
Risk assessment

• The AICPA SAS No. 70 standard requires a significant amount of professional judgment and skill in the process of preparing the SAS 70 report.

• The process of preparing the SAS 70 report requires participation from key personnel in your organization

• The SAS 70 report is specifically designed to your organization to reflect the unique nature of your relationship to your clients and their control dependencies.

• The controls your company deploys for SAS 70 need to cost-effectively mitigate relevant financial technology risks.

• The SAS 70 report is only as good as the confidence it evokes when reviewed by your clients and your client's auditors.

• Amper, Politziner & Mattia P.C. has guided many service providers in many industries in the preparation of Type I and Type II SAS 70 Reports.

Our technology risk services team has experience in accounting, financial, operational, IT management, and back-office operations.

As one of the Best Places to Work in NJ, Amper is one of the largest independent CPA, accounting and financial services in the New Jersey, Pennsylvania and New York region.


Contact Us        Locations             search

Internal Audit Services
Technology Risk Services
IT Risk Management

SOX IT Preparation & Audit

SAS No. 70 Services

IT Governance

Disaster Recovery Planning

Security & Privacy

SysTrust©

IT Forensics
Compliance Services
Business Process Improvement

 Related Articles

An Ongoing Compliance Function Is Part Of The Corporate Culture Of Any Successful Enterprise

International Financial Reporting Standards — Is the World Ready for Convergence?

Data Retention and eDiscovery — What Every Company Should Know

Accounting Standard 5:
A Kinder, Gentler Compliance Standard

Reducing Risk - "How to Eat an Elephant:
What Boards and Audit Committees should know..."

Assurance and Compliance Applications

IT Governance

Can IT Save the U.S. Health Care System

5 Steps you can take to ensure your new IT system delivers the results you expect

SAS 70
SAS No. 70: Service Organization Reporting

Not all SAS70 Reports are created equally

The AICPA SAS No. 70 standard requires a significant amount of professional judgment and skill in the process of preparing the SAS 70 report. As you consider this, keep in mind that:

  1. The process of preparing the SAS 70 report requires participation from key personnel in your organization; therefore it is critical that their limited time be used very wisely.
  2. The SAS 70 report is specifically designed to your organization to reflect the unique nature of your relationship to your clients and their control dependencies. The controls your company deploys for SAS 70 need to cost-effectively mitigate relevant financial technology risks.
  3. The SAS 70 report is only as good as the confidence it evokes when reviewed by your clients and your client's auditors
    4. .

So as you identify the CPA firm that will guide your company through this and prepare your SAS 70 report, we encourage your company to partner with a CPA firm that:

Has a long history of providing accurate guidance on the subject of financial and technology controls,

Has the expertise and skills to execute the SAS 70 report efficiently and in a manner that presents the condition of your company’s controls most-effectively to your clients and their auditors.

Amper, Politziner & Mattia P.C. has guided many service providers in many industries in the preparation of Type I and Type II SAS 70 Reports. Our risk-based approach to reports helps ensure that the report meets your client’s needs; the need of their auditors, and most importantly of all, that the controls your company institutionalizes, as part of this process, make good business sense.

Important Note: Many service providers provide IT related services that while critical to their clients, fall outside of the scope and purpose of the SAS No. 70 report. Many of these service providers have determined that they and their clients can benefit from preparation of a Trust Services SysTrust© Report, which is alternative attestation report the provider can use to provide their clients and prospects.

Contact: Dan Schroeder


Contact Us        Locations & Directions        Site map
Amper, Politziner & Mattia, LLP   •  1-866-99-AMPER  •  info@amper.com
web site design and online marketing solutions
by Set Now Solutions, LLC