It Hosting Companies: Sas 70 Audits And Sox Compliance

Do you work with an IT hosting company? Are you looking for more information about the relationship between Statement of Auditing Standards No

. 70 and Sarbanes-Oxley Act Compliance? This article will discuss how a SAS 70 Audit eases the process of complying with the Sarbanes-Oxley act for IT hosting companies.

On July 30, 2002, the American Competitiveness and Corporate Accountability Act of 2002, commonly known as the Sarbanes-Oxley Act, was signed into law. The Sarbanes-Oxley Act has had a dramatic affect on IT hosting companies as well as business as a whole. Businesses now must provide financial evidence that their accounting house is clean and ensure that their IT hosting companies comply with SOX guidelines. This Act has put into law tougher regulations for business of all sizes and has drastically changed the nature of hiring a 3rd party provider for IT hosting and especially enterprise hosting services.

Although the Sarbanes-Oxley Act rose to prominence on the wrongdoings of large, public companies, there's now a new level of expected compliance that cascades down to private companies, using IT hosting companies, as well. In short, any private company - large or small - that has a requirement for an audit (especially from a national auditing firm) will likely have to comply with the spirit of Sarbanes-Oxley.

SAS 70 is an auditing standard developed by the American Institute of Certified Public Accountants for service organizations. As it relates to IT outsourcing, a SAS 70 audit is the means through which an auditor examines an outsourcer's control activities, particularly around IT and related processes.

A SAS 70 Type II audit is widely recognized because it represents that an IT hosting service organization has been through an in-depth audit of their control activities, which generally include controls over information technology and related processes. The requirements of Section 404 of the Sarbanes-Oxley Act make SAS 70 audit reports even more important to the process of reporting on effective internal controls at outsourcing organizations.

The PCAOB states that Statement of Auditing Standards No. 70 (SAS 70), Service Organizations (AU section 324) applies to the audit of financial statements of a company that obtains services from another organization that are part of its information system. In short, PCAOB Auditing Standard No. 2 indicates that evidence about the operating effectiveness of controls at a service organization can be obtained from a Type II SAS No. 70 report.

In other words, the auditing firm for an enterprise who has outsourced its IT function can rely on a SAS 70 Type II audit report as evidence that specific control objectives are appropriately designed and functioning. If the scope of the control objective matches the company's requirements, the audit report can be relied on.

With this brief background, it's easy to understand why the SAS 70 Type II has attracted so much attention from IT hosting companies. A SAS 70 Type II examination signifies that a service organization has had its control objectives and control activities examined by an independent auditing firm. A formal report including the auditor's opinion is issued to the service organization at the conclusion of a SAS 70 Type II examination, which can then be supplied by the services organization to its IT hosting clients.

by: Chuck Vermillion

POST COMMENT

To The Car All Summer, The Pay Attention When Doing Maintenance Secure Bike Parking Is Needed To Ensure Cycling Growth Top Cars for Gay Guys Advantages Of Buying Cars Online Grow Your Audience With Social Media Management Collector cars of the future Hybrid Used Cars offer the best value and savings Finding The Perfect Used Car Create A Plan To Crank Up Your Marketing Engine. How To Get The Best Car Wreck Lawyer Know The Pros And Cons Of Vehicle Rental FAMILIARITY OF THE "PRODUCT AUDIT" The Importance Of No Surprises With Vehicle Rental