SAS 70 is an acronym which stands for Statement on Auditing Standard 70.
It was developed and is maintained by the AICPA - American
Institute of Certified Public Accountants.
Specifically, SAS 70 is a "Report on the Processing of Transactions by Service Organizations".
Professional standards are set up for a Service Auditor that audits/assesses internal controls of a service organization. At the end
of the audit, the Service Auditor issues a crucial report called the "Service Auditor's Report".
It is very important to note thatSAS 70 is not a barebones checklist audit. Rather, it is an extremely thorough audit that is used chiefly as an authoritative guidance.
Further, there is a substantial difference between the Type I and Type II reports. Type II reports are even more thorough, because
the auditors also give an opinion on how effective the controls operated under the defined period of the review. Type I reports only
list the controls in place, while Type II reports on the review, testing and efficacy of these controls to reasonably assure that
they are working correctly.
For more information please visit this site: