Mueller CPA

SAS 70 Audits

The Mueller & Co., LLP Solution

Due to the sophistication of many service organizations processes, few CPA firms have the high-level skill and qualifications needed to perform SAS 70 audits. Our professionals have been providing audit and related services, including designing, implementing and testing internal controls, throughout their careers and excel in this area.  We can help you fulfill your SAS 70 requirements in an effective, cost efficient manner.

More than 38 years experience

Only an independent certified public accountant (CPA) or CPA firm can perform a SAS 70 engagement.  As a CPA firm with more than thirty-eight years of exemplary service, our SAS 70 engagements adhere to the professional standards established by the AICPA.  We here at Mueller & Co., LLP offer two types of SAS 70’s: Type I and Type II. Type I: reports on controls placed in operation as of a specified date. Type II: reports on controls placed in operation and tests operating effectiveness during a specified time, usually 6 to 12 months.

SAS 70 Report - Value Added Service

A SAS 70 audit can offer many potential benefits to service organizations.  The following are a few examples of the many benefits our clients may experience.

  • A SAS 70 report allows a company to provide outside parties with independent third party verification regarding the state of their internal controls.
  • Undergoing a SAS 70 audit often distinguishes a company over its competitors
  • A SAS 70 report is often accepted by third parties such as customers, customer’s external auditors, and regulatory auditors, as a substitute for those parties performing their own audit

SAS 70 Defined

Statement on Auditing Standards No. 70 (SAS 70) was developed by the AICPA to define the professional standards used by a service auditor to assess the internal controls of a service organization and issue a service auditor’s report.  This report recognizes that a service organization has been through an in-depth audit of their internal control processes.

Beneficiaries of the SAS 70 Report

Some examples of service organizations that benefit from a SAS 70 are: insurance and medical claims processors, payroll companies, trust companies, hosted data centers, application service providers and managed security providers among many others.  Traditionally, this audit report is primarily used as auditor-to-auditor communication.  The auditors of the service organization’s customers can use the service auditor’s report to gain an understanding of the internal controls in operation at the service organization.