Many organizations outsource some of their core processes to third party companies. These might be business or knowledge process outsourcing units. A relevant question here is that how does such outsourcing of critical business activities affect Sarbanes Oxley compliance. The new auditing standard 5 issued by the PCAOB requires the statutory auditor to obtain a SAS 70 report i.e. a service auditor's report on controls placed in operation and their operating effectiveness. The auditor needs to
evaluate thereport to see whether it provides sufficient evidence in support of his opinion.

While the auditor evaluates this report, it is important that the auditor considers certain important factors such as:

1. The scope of the controls and the applications covered, the controls that were tested and the way in which such controls relate to the company's controls.

2. Time period covered by the SAS 70 report, and its relation to the date of management's assessment of internal control.

3. The final opinion given in the SAS 70 report i.e. the results of the test of controls and the service auditors opinion on the operating effectiveness of controls.

Related Posts

How to Conduct SAS 70 Audits
SAS 70 Type II Report
SOX Document Retention Requirements
SOX Research Papers