SAS70 - Definition

Statement on Auditing Standards (SAS) No. 70 is an internationally recognized auditing standard that was developed by the American Institute of Certified Public Accountants (AICPA) in 1992.

SAS70 is used to report on the processing of transactions by service organizations, and provides authoritative guidance that enables service organizations to disclose their control activities and processes to auditors and customers in a uniform format.

Service organizations are organizations that provide outsourcing services that affect the control environment of their clients, such as insurance and medical claims processors, trust companies and credit processing organizations.

Service organizations which provide services to healthcare companies are often required by their clients to have a SAS70 audit conducted to ensure that an independent third party has conducted an objective examination of the controls used when processing sensitive healthcare information.

When a service auditor issues a report that has been prepared in accordance with SAS70, this signifies that the service organization has had its control activities and control objectives examined by an independent accounting and auditing firm.

SAS70 provides the guidance that allows an independent auditor (the service auditor) to issue an opinion on a service organization's description of controls through a Service Auditor's Report.

SAS70 is applicable when an independent auditor (the user auditor) plans the financial statement audit of an organization (the user organization) that receives services from another organization (the service organization).

During an audit of a user organization's financial statements, the user auditor obtains an understanding of the organization's internal control that is comprehensive enough to plan the audit, as required by SAS 55 (Consideration of Internal Control in a Financial Statement Audit).

The identification and evaluation of the relevant controls is an important aspect of the user auditor's overall approach.

When dealing with service organizations that provide transaction processing or other data processing services to a user organization, the user auditor needs to gain an understanding of the controls used by the service organization in order to plan the audit and evaluate control risk.

KRAMER HEALTHCARE TECHNOLOGIES | 500 South Magnolia Avenue | Orlando, FL 32801 | 866.348.6358