SAS 70 and SSAE 16 Audit and Review Services

Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 audit is widely recognized because it represents that a service organization has been through an in-depth audit of their control activities. A SAS 70 review generally includes controls over transaction processing, systems and related processes.

SAS 70 reviews are applicable to any organization providing services for other organizations. These services include processing transactions related to financial statements and encompass application service providers, third party administrators (TPAs), bank trust departments, claims processing centers, internet data or other data processing service centers and outsourcers. Interested parties in the results of a SAS 70 review include:

  • Customers of a service organization who want assurance that the organization has a system of internal controls in place to protect the customer's data
  •  Auditors of a customer who want assurance that there are controls in place to protect their customer’s data
  • The service organization which has an independent audit of the controls it has in place to provide assurance to customers and potential customers of the integrity of their processes
  • Auditors of the service organization who obtain a detailed independent audit of the company’s system of internal controls


Agreed Upon Procedures

When a complete SAS 70 audit is not required, but you want a specific group of accounts, procedures or controls evaluated or reviewed, an Agreed Upon Procedures engagement may fit your needs.

Auditing your agreed upon procedures can involve reviewing accounts, procedures or controls to evaluate their effectiveness or accuracy. Agreed upon procedure engagements will review compliance of the processes you previously dictated. We add our auditing, accounting and risk services expertise when needed to advise you on a specific or finite course of action.

In many cases, an agreed upon procedures engagement examines service level agreements (SLAs), contract compliance, benefit plan compliance or contracts for services between two parties. These are just examples of the types of accounts, agreements and contracts that can be examined in an agreed upon procedures engagement. Upon completion of the agreed upon procedures engagement, a report is issued for your review, often with suggestions and recommendations.

We have the experience your company needs. Because of our risk services expertise in  performing SAS 70 audit and reviews in multiple industries, we are able to draw upon the knowledge and experience necessary to deliver extraordinary results to your organization. To learn more about our SAS 70 and SSAE 16 services, please contact us today.


Fiduciary Compliance

We help you fulfill the fiduciary responsibilities of your benefit plans by helping you focus on the interests of plan participants and beneficiaries. Our affiliate, Benefit Plans Plus LLC, offers a Fiduciary Health CheckTM that identifies opportunities, improves procedures and enhances systems. 


HIPAA Evaluations

We help you comply with HIPAA regulations by performing a gap analysis, constructing implementation plans or providing policies, procedures and resources. We can also assist you in assessing the business impact of HIPAA regarding the applicability of regulations, and its effect on business processes, controls and reporting requirements.

Click to receive your complimentary copy of Insights magazine.