STATEMENT ON AUDITING STANDARDS NO. 70
- One of the most effective ways a service organization can communicate information about its controls is through a Service Auditor’s Report.
- SAS 70 has the following report types
- In a Type I report, the service auditor will express an opinion on control implemented for specific date
- In a Type II report, the service auditor will express an during on control implemented for a period, usually six month.
- SAS 70, controls are self-defined by service organization and do not have cloud service provider in mind.
- The SSAE 16 AICPA standard (Now SSAE 18), put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) has effectively replaced the long-standing SAS 70, which was issued in April, 1992.
- Service Organization Control (SOC) Reports (as in SSAE 18), effectively known as either SOC 1, SOC 2, and SOC 3 Reports, is a comprehensive framework put forth by AICPA geared towards reporting on controls at service organizations. Unlike SAS 70, the SOC framework is a specific set of reporting initiatives aimed at helping to clarify, distill, and bring about much needed transparency for reporting on controls at service organizations.
error: Content is protected !!
Accessing this course requires a login. Please enter your credentials below!