SAS 70 audits examine the effectiveness of control activities at service organizations, typically including the review of controls over information technology processes. Service organizations as well as their customers benefit from the performance of the SAS 70 audit. For example, a service organization can provide its SAS 70 audit report to its customers to demonstrate that an adequate system of internal controls has been implemented. Additionally, the SAS 70 audit report can be used to limit or prevent inquiries from the auditors of user organizations.

Depending upon the needs of the organization, we perform either a Type I or Type II SAS 70 audit. During the performance of a Type I audit, we review the design of controls and provide an opinion regarding whether controls are adequately designed to achieve the control objectives. However, we also test the effectiveness of controls during a Type II audit. The audit opinion in a SAS 70 Type II report further discloses whether the controls operated sufficiently to provide reasonable assurance.


To learn more about how we can assist you, please contact us.