Brown Smith Wallace LLC

SAS 70 and Third Party Assurance


SAS 70

Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 audit is widely recognized because it represents that a service organization has been through an in-depth audit of its control activities. A SAS 70 review generally includes controls over transaction processing, systems and related processes.

SAS 70 reviews are applicable to any organization providing services for other organizations. These services include processing transactions related to financial statements, and encompass application service providers, third party administrators (TPAs), bank trust departments, claims processing centers, internet data or other data processing service centers and outsourcers. Parties interested in the results of a SAS 70 review include:

  • Customers of a service organization who want assurance that the organization has a system of internal controls in place to protect the customer's data
  • Auditors of a customer who want assurance that there are controls in place to protect their customer’s data
  • The service organization which has an independent audit of the controls it has in place to provide assurance to customers and potential customers of the integrity of their processes
  • Auditors of the service organization who obtain a detailed independent audit of the company’s system of internal controls

Agreed Upon Procedures

When a complete SAS 70 audit is not required, but you want a specific group of accounts, procedures or controls evaluated or reviewed, an Agreed Upon Procedures engagement may fit your needs.

Auditing your agreed upon procedures can involve reviewing accounts, procedures or controls to evaluate their effectiveness or accuracy. Agreed upon procedures engagements review compliance with the processes you previously dictated. We add our auditing, accounting and risk services expertise when needed to advise you on a specific or finite course of action.

In many cases, an agreed upon procedures engagement examines service level agreements (SLAs), contract compliance, benefit plan compliance or contracts for services between two parties. These are just examples of the types of accounts, agreements and contracts that can be examined in an agreed upon procedures engagement.

Upon completion of the agreed upon procedures engagement, a report is issued for your review, often with suggestions and recommendations.

We have the experience your company needs. Because of our expertise in performing audits and SAS 70 engagements in multiple industries, we are able to draw upon the knowledge and experience necessary to deliver extraordinary results to your organization.


Fiduciary Compliance

We can help you fulfill the fiduciary responsibilities of your benefit plans by helping you focus on the interests of plan participants and beneficiaries. Our affiliate, Benefit Plans Plus LLC, offers a Fiduciary Health Check™ that identifies opportunities, improves procedures and enhances systems.


HIPAA Evaluations

We can help you comply with HIPAA regulations by performing a gap analysis, constructing implementation plans or providing policies, procedures and resources. We can also assist you in assessing the business impact of HIPAA regarding the applicability of regulations, and its effect on business processes, controls and reporting requirements.


Payment Card Risk Services

Payment card (e.g., debit and credit cards) risk services help to ensure protection of your customers’ privacy. Businesses rely on credit or debit cards to process monetary transactions every day. Likewise, there are constant unsolicited and illegal attempts to access the cardholder data contained in those transactions. It is more important than ever for your business to have controls in place to adequately protect consumer information.

In 2004, VISA and MasterCard security standards were endorsed by the four other card brands, creating the Payment Card Industry (PCI) Data Security Standard. This unified security program was designed to protect credit card data based upon fundamental security controls. Compliance with the PCI Data Security Standard is required of all merchants and service providers that store, process or transmit cardholder data.

As a certified approved scanning vendor (ASV), our team of experienced information security professionals can help ensure your business is compliant with the PCI Data Security Standard by performing:

  • PCI compliance reviews or audits
  • PCI compliance gap assessments
  • PCI network compliance scans and reviews
  • PCI service provider assessments
    • Transaction processors
    • Payment gateways
    • Call centers
    • Remittance processing companies
    • Managed firewall and IDS providers
    • Web and data hosting providers
           

To see how we make A Measurable Difference™, contact us.

 



Thursday July 29th 2010 09:02:10 am


ST. LOUIS 314.983.1200
ST. CHARLES 636.255.3000
HIGHLAND, IL 618.654.3100
TOLL FREE 888.279.2792

Ted Flom
CPA, CISA, CIA
Member in Charge
314.983.1294
tflom@bswllc.com

Anthony Munns
CISA, CIRM, CITP
Risk Services
314.983.1297
amunns@bswllc.com

Chris Menz
CPA
Business Development
314.983.1227
cmenz@bswllc.com
