What is SAS 70 and how to obtain this feature

Preamble

The Type 1 SAS 70 audit is also formally known as a "Type 1 Service Auditor's report" or "Report on controls placed on operation". The aim of audit is to analyze the service organization's controls included in maneuver and verify whether the controls have achieved customary level in due period of time. In short, the Type 1 audit report provides a snapshot for a stated period of time. With regard to cost, Type 1 audits are less costly then the extensive Type 2 audits.

Outline

With a Type 1 Audit, auditors will conduct an examination of a service firm controls in order to determine:

• If the descriptions of the controls provided by the service organization accurately illustrate all material and relevant aspects of the service organization's controls that are prepared during the specified review period.

• The controls developed are guaranteed to provide specific implementations of these controls and should comply with respective control features

Upon completion of the fieldwork, an audit report will be complied and will include the following below:

1. Report will must have Auditor's Opinion letter- Self dependent Service Auditor's Report
2. Descriptions of the service organization's controls and services provided by the organization. The descriptions will cover:-

• General controls and applications• Information and Communication System Overview
• Procedures carried out for method monitoring
• Tools for Control Environment
• The Risk Assessment Process
• User participation is considered by involving user control considerations to give access to user organization to be aware of controls accountable for user of the service.

3. Other relevant Information supplied by the management of the service organization such as management's feedback regarding the auditor's opinion

The Type 1 audit report will comprise information about service providers controls which are valuable for internal financial matters of organisation. The information provided by the Type 1 audit report may also be used by the service organization to ascertain their compliance with the Sarbanes-Oxley requirements (SOX).

With Type 1 audit report, no testing is conducted to establish the operating efficiency of the reported controls. Type 1 audit report is not very faesibly accepted as alternative for true practical testing of controls in link to financial statement or SOX .

Scope of the Type 1 SAS 70 Audit

As no specific standard norms are stipulated which needs verification while conducting SAS 70 audit. As such, each audit is tailored to the specific requirements of a service organization that is undergoing the auditing process. Some assessment is mandatory for service organization's control for specific services and IT controls that retain these services.

Scope of audit is dependent on control objectives of service organization and even supporting control activities that authorize specific control objectives of client organization under scan.

Primary Deliverable

Main content of Type 1 SAS 70 audit report should include:
• An information request list for the client to assemble all relevant documentation prior to the fieldwork

• Audit report should have 2 hard copies
• Audit report in soft copy in PDF format
• Audit report for internal use should have detailed management considerations of all spheres

Consideration for a Type 1 SAS 70 Audit
The following reasons are considerations for a service organization to conduct a Type 1 sas 70 report:

• Requirement for a SAS 70 audit report to be delivered within a short period of time in order to fulfill a contractual or RFP requirement
• SAS 70 should be prepared for only use of marketing concerns
• Necessity for SAS 70 audit is to also include user organization support for Type 1 SAS 70 audit report
• It should be very clear for Type 2 SAS 70 Audit sequel giving all information and creating certain path for next step
• Where cost is the main determinant for choosing the type of audit to be conducted
• Where the services provided by the service organization does not impact the financial reporting controls of its user organization directly.