ELVIN EWING

This is due in large part to the enormous growth of regulating Colocation Houston compliance legislation, particularly the Sarbanes-Oxley Act of 2002 (SOX), along with other notable provisions, such as HIPAA and Gramm Leach Bliley (GLBA).
If your primary organization is being asked to be SAS 70 compliant, you have to find out what this long-term expectations are in the entity requesting you to be compliant. Is this a singular event only? Are they requesting for annual SAS 70 complying? Do you have to become SAS 70 Type II compliant for any first audit or will a sort I audit suffice?

Once you have a strong understanding of these above parameters, you can begin to consider a qualified CPA company to conduct the audit. Buyer beware. You get that which you pay for, so going for the low cost provider would likely end up giving you a report of poor top quality, which could ultimately do more harm than superior. And why is which? Because the intended users these reports who use them are traditionally well-skilled with reading and digesting these reports, so they better be top quality. Obtain proposals from firms that are not too small, but not too large. A national boutique CPA firm that specializes in SAS 70 audits would be a good choice. There fees may be reasonable, they would conduct the audit in the efficient manner and prepare the final report in an acceptable timeframe.

SAS 70 Hot Button Issues

But before you decide to sign on the speckled line, make sure you obtain at least three proposals, and be certain you discuss these points with every CPA firm that you're receiving a fee quote from:

SCOPE -Is the audit going to be a general controls audit or do you find it going to include an study of specific business processes or even business drivers. This is critically important as it can certainly significantly change the fee with the audit. Many CPA firms offers you a proposal, but it could be for a straightforward, standard controls only, so make sure this is discussed.

COSTS -Is the fee a set fee that is, are out of pocket together with travel related expenses use in the audit fee. In any other case, make this a requirement. Why? Because fees that are decided to that do not include a fixed fee provision will end up costing an additional 10% to 20% on the proposed fee. Remember, auditors ought to travel, sleep in hotels and feed their bodies, and this can obtain expensive.

EXAMINATION PERIOD- If buying proposal for a SAS 70 Type II audit, you have got to identify and agree to the test period. SAS 70 Type II exam test periods traditionally range between six (6) to twelve (12) months; however, extenuating circumstance can lead to a shorter test period. The test period is critical for identifying because it also drives prices, to some sort of marginal degree. Think a proposal from your CPA firm for a 6 month SAS 80 Type II audit could be the same fee as some sort of twelve month audit? Absolutely not. Again, identify the time frame for testing before you receive the proposals from any firm.

SAS 70 READINESS QUESTIONNARE -Does the audit proposal include a fee for undergoing an in-depth sas 70 readiness list of questions assessment? If not, you have got to discuss this important stage.