What is SAS 70 Online?

SAS 70 Online is a service by which you can engage our professional accounting firm to perform your organization’s SAS 70/SSAE 16. In a few short steps, you can begin your SAS 70/SSAE 16 today. We offer an online process for you to:

  • Engage our firm
  • Learn what is necessary to complete your SAS 70/SSAE 16
  • Receive advice and guidance from certified professionals as you prepare for your SAS 70/SSAE 16
  • Submit your documentation for review, and
  • Ultimately, schedule the onsite audit at your location

SAS 70 Online then becomes your support mechanism to:

  • Maintain your documentation as an audit trail
  • Receive continuous guidance and recommendations from certified professionals, and
  • Efficiently organize your annual SAS 70/SSAE 16 requirements

What is SAS 70

What is SSAE 16?

Do I Need SAS 70/SSAE 16?

What Are SOC Reports?

Trust Services

Internal Controls

SYS TrustSM

WEB TrustSM

SOC Reports Brochure

What is SAS 70

The American Institute of Certified Public Accountants (AICPA) issued a Statement on Auditing Standard No. 70 (SAS 70). SAS 70 is the definitive standard by which user organizations (companies that use outsourced service providers) and their auditors can gain comfort that controls at the third-party service providers are adequate to prevent or detect a related material error that could impact the user organization's financial statements.

WHAT IS SSAE 16?

The American Institute of Certified Publice Accountants (AICPA) issued a Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organizaton. SSAE 16 was intended to replace the SAS 70 audit. While the SSAE 16 uses much of the same groundwork as the SAS 70, the SSAE 16 audit broadens the use of the Service Auditor's Report. The SSAE 16 audit addresses engagements conducted by service auditors on service organizations. The SSAE 16 audit tests the design of the controls and the operating effectiveness of the service organization.

Do I Need SAS 70/SSAE 16?

Do your clients outsource aspects of their information system to your organization? If so, their auditors may need to gain an understanding of controls at your organization that may affect the user organization's financial statements. SAS 70/SSAE 16 explains the means for a service organization to obtain a single audit report for use by its clients' auditors to plan and conduct audits of financial statements. One of the objectives of SAS 70/SSAE 16 is to preclude the need for each user auditor to conduct its own audit of the service organization's controls. A SAS 70/SSAE 16 Type I report covers the suitability of the controls' design. Alternatively, a SAS 70/SSAE 16 Type II report covers the suitability of the controls' design but also assesses whether the controls are operating effectively.

What Are SOC Reports?

SOC reports are reports issued by Certified Public Accountants (CPAs) that report on a service organizaton's controls. When user entities utilize the services of a service organization, the risks of the servie organization then become risks of the user entities. SOC reporting delivers a more effective framework for providing assurance on the controls in a service organization. The AICPA has developed three Service Organization Control (SOC) reporting options (SOC 1, SOC 2, and SOC 3) to enable CPAs to better examine the controls and allow management to understand the risk.

Trust Services

Trust Services are principles and criteria that are designed to monitor the controls of a service organization. These criteria provide the necessary assurance of avoiding risks and insuring security of sensitive information. These criteria focus on the security of a system against unauthorized access, the availability of a system for operation and use as agreed, the complete, accurate, timely, and authorized processing integrity, the confidentiality of information, as well as the privacy of personal information that is collected, used, retained, disclosed, and destroyed in compliance with the entity’s privacy notice..

Internal Controls

ICPA Professional Standards AU section 314 indicates that internal control is "a process-effected by those charged with governance, management, and other personnel-designed to provide reasonable assurance regarding the achievement of objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations." SAS 70 Online provides a selection of Control Objectives for you to use to establish your own. Many of these Control Objectives originate from the AICPA, IT Governance Institute and the International Standards Organization.

SysTrustSM

SysTrust is an assurance service in which SAS 70 Online tests and reports on the effectiveness of controls over system reliability. The engagement addresses controls over system availability, security, integrity and maintainability, which are based on pre-established control objectives. The SysTrust report addresses financial and non-financial systems for the benefit of management, customers and business partners.

WebTrustSM

WebTrust is an attestation service in which SAS 70 Online reports on management's assertion about a Web site. The WebTrust program is modular by design so a practitioner may report on various aspects of a Web site based on criteria established for online privacy, confidentiality, availability, business practices/transaction integrity, security, non-repudiation and certification authorities.

SOC Reports Brochure

Download the SOC Reports brochure below.

Download +