Why Your Customers Want You to Have a SAS 70 and why you should get one - PowerPoint PPT Presentation

Loading...

PPT – Why Your Customers Want You to Have a SAS 70 and why you should get one PowerPoint presentation | free to view - id: 1eb815-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Why Your Customers Want You to Have a SAS 70 and why you should get one

Description:

Risk management is being driven home hard with new accounting pronouncements. ... 70 audit is a certification from a plumber that the pool pump, filter, and pipes ... – PowerPoint PPT presentation

Number of Views:106
Avg rating:3.0/5.0
Slides: 18
Provided by: jm146
Category:
Tags: sas | customers | one | plumber | want

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Why Your Customers Want You to Have a SAS 70 and why you should get one


1
Why Your Customers Want You to Have a SAS 70
(and why you should get one)
  • Joseph E. Maddox, CPA
  • SAS 70 CPA
  • (866) 446-4038

2
Why do my clients want me to have a SAS 70?
  • SAS 70 is the gold standard of credibility.
  • It reduces their risk. Risk management is being
    driven home hard with new accounting
    pronouncements.
  • It reduces their audit and compliance costs. It
    literally pushes the cost down their supply chain.

3
As a Service Organization, you have Access to 
4
How does your company
  • Safeguard client funds and information?
  • Ensure client transactions are complete,
    accurate, and timely?
  • Reconcile transactions for your clients?
  • SAS 70 gets these answers to your customers.

5
How SAS 70 Pays for Itself
  • Verifies customers integrity.
  • Reduces additional audit expenses.
  • Governments and Purchasing agents know to include
    SAS 70 requirements in RFPs. (Ohio, New York,
    and many others)

6
What is a SAS 70?
  • An independent CPA firm examines a companys
    internal control environment and issues an
    opinion as to whether the existing controls in
    place are adequate to achieve the desired results
    if the controls were operating as designed (Type
    I) and includes tests of those controls (Type II).

7
The two types of SAS 70 audits
  • Type I a snapshot as of a certain date, no
    tests of controls, not SOX-compliant
  • Type II covers a specified period of time
  • (6-12 months), service auditors perform tests of
    internal controls, complies with Section 404 of
    SOX
  •  

8
SAS 70 terminology
  • Service Organization
  • User Organization
  • Service Auditor
  • User Auditor
  • Subservice Organization

9
The Swimming Pool
  • The pool is the user organization
  • The water is the financial assets, resources,
    employee, and client information
  • The pool walls keep the water from leaking out
  • User auditors measure the water to insure no
    leakage
  • But theres more to it than that

10
The Swimming Pool (cont.)
  • The water routinely leaves the pool walls, gets
    processed (chlorinated, filtered, and
    pressurized) and is returned to the pool (ACH
    withdrawals and direct deposits)
  • The pool pump is the service organization
  • The SAS 70 audit is a certification from a
    plumber that the pool pump, filter, and pipes
  • (the service organization) arent leaking

11
Why go through a SAS 70?
  • If a service organization has a SAS 70 audit
    conducted, user organizations are relieved from
    having to send their own auditors to conduct
    tests of internal controls at the service
    organization.
  • Improved efficiencies, improved internal
    controls, risk reduction, reduced risk of theft,
    fraud or defalcation, cost savings on EO
    insurance policies, future IPO/MA, etc.

12
Elements of Internal Control
  • Control Environment
  • Risk Assessment
  • Information and Communication
  • Monitoring
  • Control Activities

13
Scope How are transactions
  • Initiated?
  • Authorized?
  • Processed?
  • Recorded?

14
Client (user) responsibilities
  • What reports are provided to your clients and
    management?
  • Production (collections) reports
  • Usage reports (contacts, placements, etc.)
  • Exception reports (returned clients, write-offs,
    etc.)

15
New Laws increase Internal Control Pressures
  • Specter-Leahy Personal Data Privacy and Security
    Act
  • Graham-Leach-Bliley
  • PCI (Payment Card Industry audits)
  • And more are coming

16
Conclusion
  • SAS 70 is now a permanent part of the business
    landscape. Make it work for you.
  • Questions?

17
  • Thank You!
  • Joseph E. Maddox, CPA
  • JMaddox_at_sas70cpa.com
  • (866) 446-4038
  • www.SAS70CPA.com
About PowerShow.com