SAIJE Thoughts

or Put One Foot In Front of the Auditor

This is the first, short post on the steps to successfully “passing” a SAS70 Type II audit. Hopefully this roadmap will help organizations looking to incorporate the SAS70 into their operations. This will not cover what a SAS70 audit is. For more general information, visit www.SAS70.org or do your Google/Wiki searches. Future blog posts will cover each of the main headings below:

1. Determing the Need for a SAS70 Audit
2. Selecting an External Auditor
3. Determining the Scope of the SAS70 Audit
4. Reviewing Existing Controls or Developing New Controls
5. Testing the Control Set
6. Selecting a Start Date
7. Monitoring During an Audit Period
8. Managing the Audit
9. Reviewing the Findings
10. Improving the Control Set

This list is not how everyone would do it or the order they may perform it, but I feel overall this is the best method. If you feel different or think I may have missed something, comment. I’ll either respond in comments or incorporate the comments in future blog posts.

This entry was posted on Wednesday, January 30th, 2008 at 12:07 am and is filed under SAS70. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.