SAS 70 and Sarbanes-Oxley Act of 2002
With the introduction of the Sarbanes–Oxley Act of 2002 (SOX), SAS 70 took on increased importance. SOX adopted the COSO model of controls, which is the same model that SAS 70 audits have used since inception. SOX heightened the focus placed on understanding the controls over financial reporting and identified a Type II SAS 70 report as the only acceptable method for a third party to assure a service organization's controls. Security "certifications" are excluded as acceptable substitutes for a Type II SAS 70 audit report. PCAOB's Audit Standard No. 5 (which replaced AS 2) details how a SAS 70 audit should be used in relation to SOX.
Read more about this topic: Statement On Auditing Standards No. 70: Service Organizations
Famous quotes containing the word act:
“Old age equalizes—we are aware that what is happening to us has happened to untold numbers from the beginning of time. When we are young we act as if we were the first young people in the world.”
—Eric Hoffer (1902–1983)