SAS 70 is an acronym which stands for Statement on Auditing Standard 70.

It was developed and is maintained by the AICPA - American Institute of Certified Public Accountants.

Specifically, SAS 70 is a "Report on the Processing of Transactions by Service Organizations".

Professional standards are set up for a Service Auditor that audits/assesses internal controls of a service organization. At the end of the audit, the Service Auditor issues a crucial report called the "Service Auditor's Report".

It is very important to note thatSAS 70 is not a barebones checklist audit. Rather, it is an extremely thorough audit that is used chiefly as an authoritative guidance.

Further, there is a substantial difference between the Type I and Type II reports. Type II reports are even more thorough, because the auditors also give an opinion on how effective the controls operated under the defined period of the review. Type I reports only list the controls in place, while Type II reports on the review, testing and efficacy of these controls to reasonably assure that they are working correctly.
1099services2016003001.jpg
For more information please visit this site:
 
       http://www.sas70.com/about.htm
SAS 70 Type II