SAS 70

Only a registered CPA firm can issue a SAS 70 report. Weaver and Tidwell brings both registered CPAs and experienced internal controls professionals to the table, allowing you to use one source for SAS 70 reporting. Weaver and Tidwell is a full-service CPA firm with a group dedicated to internal control services.

At Weaver and Tidwell, L.L.P., our SAS 70 Type II engagements cover controls over the five components of COSO as integrated with best practices in IT and general computer controls based on COBIT.

The SAS 70 Type II process has the following three phases:

  1. Evaluate internal controls at the entity and application level, including organizational and administrative controls as part of the control environment and computer operation controls. This phase focuses on the control structure design as defined by the five components of COSO and IT general computer controls. In addition, we will review the general and application controls. The basis for the control structure is the strength of the design of the organizational general and application controls.
  2. Review, test and evaluate the operating effectiveness of the internal control structure at the process, transaction and application level by performing tests of identified controls.
  3. Issue Independent Service Auditor’s Report.

The Sarbanes-Oxley Act, the Gramm-Leach-Bliley privacy act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA) and California’s SB1386 notification act all require that sensitive data be protected. Service providers that handle sensitive data are required to protect that data and provide reasonable assurance of such protection.

A SAS 70 report with an unqualified opinion indicates that your organization, as a service provider, has well-designed and effective controls over your operation, and that the likelihood of operational failure or corruption of data is mitigated. A SAS 70 report demonstrates that your infrastructure, applications and processes have passed rigorous, independent third-party testing and operate in an environment that incorporates the processes and controls that are necessary for effectively hosting and/or exchanging corporate data and financial information.

A SAS 70 report demonstrates your business commitment to greater levels of reliability, availability and security.

What does that mean to you? If you are an outsourced service provider that services companies such as public entities and financial institutions, your internal controls must meet the same high standard as the organizations you serve. A SAS 70 report is an independent assessment validating that your company operates in a sound control environment with established risk management practices.

Obtaining an annual assessment of your network and data integrity controls illustrates your commitment to meeting not only regulatory mandates, but also your clients’ requirements and expectations.

Your clients and prospects need to be confident you provide secure services in an environment that meets regulatory requirements. An independent assessment of your network and data integrity controls achieved through periodic SAS 70 examinations provides evidence of sound control environments and risk management practices.

Resources

SAS 70 Type II SOQ

SAS 70 Reports-Benefits To Your Organization And Frequently Asked Questions

SAS 70 Overview

SAS 70 Reporting-What It Says About Your Business

SAS 70 Reporting-Accuracy. Security. Completeness

SAS 70 Reporting-Strengthen Existing Client Relationships And Attract New Ones

For more information about our internal audit services, contact:
Alyssa Martin, CPA, Partner, Risk Advisory Services at 972.448.6975.