In the wake of Section 404 of Sarbanes-Oxley, Compliance Week has written extensively about SAS 70 Type II audits. (see coverage below, right.) The audits have become increasingly important for some public companies; management has to assess the effectiveness of the company’s internal control over financial reporting, and critical outsourced services that might materially impact those controls—like payroll, for example—are included. As a result, many companies are insisting that certain vendors undergo “SAS 70 Type IIs.” The audits refer to an AICPA standard that sets forth the practice for evaluating the performance of outside service organizations (a “Type I” audit describes the business’ controls, noting if they are suitably designed and in place; a “Type II” audit tests those controls and reports if they are working adequately). This week we speak with the two executives from a services procurement solutions provider that recently issued such a SAS 70 Type II report.
Why did you embark on a SAS 70 Type II audit?
