What is SAS 70 focused on?

The focus of SAS 70 is on service organization control reports, specifically regarding the internal controls at a service organization that are relevant to user entities’ internal control over financial reporting. SAS 70 has been widely used and referenced by organizations to assess the effectiveness of the controls implemented by a service organization.

SAS 70 reports enable firms to evaluate the level of assurance surrounding controls in place for various services that could impact their financial reporting processes. This is particularly crucial for companies that outsource functions such as payroll or data hosting services, as they need to ensure those third-party providers have adequate controls in place.

It is important to note that SAS 70 has been replaced by two new standards: SOC 1 and SOC 2, which provide more detailed frameworks for reporting on controls. The transition from SAS 70 to these new standards reflects the evolution of compliance and audit practices to better meet the needs of organizations.

Thus, it is clear that SAS 70 primarily concerns service organization control reports that focus on internal controls relevant to financial reporting, establishing it as an essential tool for risk assessment and management in outsourced processes. Understanding this context is crucial for effective audit and compliance strategies within organizations.