Services

SAS 70 Service Organization Audits

Companies want to be assured of the safety and integrity of any data being handled by a third-party service organization. SAS 70 audits and Shared Assessments agreed-upon procedures (AUPs) provide this assurance by examining, documenting, and if needed, testing an array of internal controls within third-party service organizations.

If your company provides outsourcing services and is required to complete a Type I or Type II SAS 70 audit, Shared Assessment, or other service organization audit, Reznick Group can help. Our service organization audits and AUPs are performed Certified Information Systems Auditors (CISA) with years of IT audit experience. These audits serve to confirm the quality of internal controls to the client of a service organization. For companies using services from a service provider or third-party vendor, a Reznick Group SAS 70 service organization audit or Shared Assessments AUP can be a cost effective enhancement to your vendor management program.

Engagement Process

• Pre-Assessment
  If desired, our SAS 70 team will issue a custom report of established and recommended controls for your organization’s consideration.
• Identification of Control Objectives
  Our SAS 70 team members work with you to identify business process and IT control objectives to be audited.
• SAS 70 Report Execution
  We work with you to craft your description of controls, and ensure all relevant identified controls are tested.
• Finalization and Delivery
  Issues are identified and communicated to you. Our SAS 70 audit team then makes specific recommendations for improvement and delivers a final SAS 70 report.
• Shared Assessments AUP
  Your firm can take advantage of the overlap and efficiencies of simultaneously performing a SAS 70 service organization audit with a Shared Assessments AUP or stand-along assessment.  Reznick Group’s experienced auditors and structured approach will help to deliver a quality report that accurately reflects your environment and controls.