Home
About Us
Services
Our Process
Resources
FAQs
Contact

   Home » Our Process


 

Our Process

The SAS 70 process is complex and time consuming and must be performed by qualified and experienced professionals. Like any outsourced service agreement, there are those who may believe that it was designed to simply create billable hours. For organizations that are not prepared or who are working with auditing firms with large overhead, it may feel that way.

However, at IS Partners, we differentiate ourselves by bringing highly qualified and experienced staff to each engagement. We are not training junior staff on your time. Our professionals have conducted many SAS 70 audits for organizations of all industries and sizes.

To minimize cost, meet expectations and avoid disrupting your business, IS Partners has developed a structured, four-step engagement process that emphasizes efficiency, commitment, and a keen desire to meet our client's objectives. Each phase is executed in a thoughtful and diligent manner, producing the results and content ultimately needed to issue a SAS 70 service auditor's report.

I. Scope Assessment

We actively identify and examine all critical elements necessary for the engagement's success during this initial phase. A member of our Audit Assurance Team will communicate upfront with the client to gain an understanding and commitment with respect to the following issues:

• Inquiry of systems and processes
• Engagement costs
• Employee involvement
• Tentative milestone dates

II. Inquiry and Observation

Our Audit Assurance Team will extensively identify all elements within your organization bearing a relationship or connection to the activities associated with a SAS 70 engagement. Specifically, we will inquire about the following:

• The organization's control environment and corporate tone
• The Systems Development Life Cycle (SDLC) of the specific
program or platform that is currently being implemented
• The data center (hosting environment) and surrounding
hardware and software applications

III. Internal Control Examination

During this phase, we will examine all significant general and application controls within the supporting systems. After careful observation, the Audit Assurance Team will create a list of deficiencies, propose remediation for these very controls, and document all information and activities during this period. If control remediation is necessary, a period usually lasting no more than one week is allotted to give your organization the time and resources to correct or strengthen the various internal controls. Immediately thereafter, a final walk-through and examination of all internal controls would then be conducted. This would effectively conclude the field work for a SAS 70 Type I, resulting in an opinion on the description of controls and an issuance of a Type I Service Auditor's Report.

IV. Design and Testing

If the engagement moves into the next phase, then your organization has requested a SAS 70 Type II audit, which calls for the design and testing of the general and application controls within the supporting systems over a six-month period. We will actively work with your employees to assist in designing controls that require subsequent testing. This becomes an engaging and interactive session where our firm and your employees collectively build a true working relationship in assessing all the elements associated with supporting systems. Following this process, all controls will be tested for effectiveness and controls requiring remediation will be corrected. All fieldwork will be documented, which aides the Audit Assurance Team for the issuance of a SAS 70 Type II Service Auditor's Report.




  |  Terms of Use   |  Privacy Policy   |  Contact Us

Copyright © 2002 - 2009 IS Partners, LLC All rights reserved. Reproduction in whole or in part in any form or medium without express written permission is prohibited. The term “Interactive Solutions” collectively refers to IS Partners, LLC and its respective affiliate audit firm, both of which are licensed CPA firms.