Contact

Ray L. Clinebelle, Jr.
Partner
919.782.1040
rclinebelle@cbh.com
SAS 70 Services
With more and more companies outsourcing to third parties to perform
substantial business functions, it has become critical for executive
managers to feel assured of the quality of their control over those
outsourced functions. The key to obtaining this assurance is the
SAS 70 audit, a single report containing all or most of the user
organization’s audit requirements, which cuts down on headaches
and frees up management's valuable time. CB&H uses the following
methodology in performing SAS 70 engagements:
- Organization. A review of how the automated and
manual functions are structured within the organization, how accounting
and data processing activities are segregated, how authorization
guidelines are established and how responsibility is assigned for
the operation and support of all computer-related resources.
- Operations. A review of the use of manual or
computer resources by relevant personnel within the organization,
how information with accounting or financial significance is entered
into the computer system, the extent to which integrity in the subsequent
processing is achieved and the overall effort expended in the review
and evaluation of computer-generated data for decision-making purposes.
- Analysis and Control Activities. A review that
confirms the understanding of the process flow of transactions,
evaluates the effectiveness of the design of controls and confirms
whether controls have been placed in operation.
- Security. A review of how the overall computer
security system is designed, and the extent to which equipment,
programs, data and documentation are protected from physical harm
or from access by unauthorized individuals.
- Documentation. A review of how well the overall
computer and data processing functions are understood by both user
and data processing personnel, and the extent to which electronic
and hardcopy documentation covers activities and procedures in all
computer-related areas.
