Statement on Auditing Standard SAS No. 70 "Service Organizations" is issued by the AICPA American Institute of Certified Public Accountants. In a SAS 70 engagement, an independent audit report is issued to the service organization called the Service auditors report.

A question normally comes to mind, when exactly is SAS 70 report used? Generally, SAS 70 is used when an auditor is auditing the financial statements of an entity (user organization) that obtains services from another organization (serivce organization). Such service providers may include claim processing centers, data centers, call centers, service bureaus etc. SAS 70 reports gives a level of comfort to the user organizations auditor that relevant controls are in place and working appropriately in the service providers organization. However, SAS 70 is not a predetermined set of control objectives or control activities that service organizations should achieve.

More Internal Control Literature >>

Corporate Code of Ethics , COSO Objectives , Common Fraud Types , Internal Control Process