What is a service organization required to disclose in an audit under SAS-70? Are there any basic standards on how would a service organization disclose its internal controls? The answers to these questions are often sought by management of the service organizations. SAS-70 allows the service organizations to disclose their internal control activities and the objectives which are sought to be achieved in any manner which they deem fit. However, for any SAS-70 audit assignment to bear the maximum disclosures benefits to the user i.e. customers and their auditors, all service organization must disclose their internal controls in such a manner that it satisfies the auditors of the user organizations. For this purpose, the service organization's must include in the description of internal controls five key components which are the backbone of internal controls as provided for in SAS No. 55 aptly named “Consideration of Internal Control in a Financial Statement Audit” Control Environment: The environment in which the controls work in an organization, and which influences consciousness of its employees with respect to the internal controls. This control environment forms the basic foundation of all other components of controls, by providing them structure and discipline. Risk Assessment: It defines how the organization identifies and analyses the relevant risks in the process of its achievement of the objectives which form the basis for determining why and how the risks so identified should be handled and managed. Control Activities: These are the internal control procedures and policies which helps the management of the organization to ensure that its directives and orders are carried out. Information and Communication: These are processes by which help the capture, identification, and exchange of communications and information in the desired form and within the time frame that enable the employees of the service organizations to carry out their duties and responsibilities. Monitoring: This is the process by which the management assesses the quality of performance of the internal control procedures over time.
Article Source: http://www.articlecontentprovider.com/articlesubmit
What is a service organization required to disclose in an audit under SAS-70? Are there any basic standards on how would a service organization disclose its internal controls? The answers to these questions are often sought by management of the service organizations. SAS-70 allows the service organizations to disclose their internal control activities and the objectives which are sought to be achieved in any manner which they deem fit.
Tom Read writes on topics such as SAS 70 and SAS 70 Visit Disclosures under SAS-70.
Please Rate this Article
5 out of 5 4 out of 5 3 out of 5 2 out of 5 1 out of 5
