Johnson Lambert & Co.

Career Center

SAS 70 Reports

Companies often find that the outsourcing of selected significant business processes to a third-party or “service organization” is a cost effect way to do business.  Common types of outsourcing arrangements include significant transaction processing, valuations of certain assets and liabilities and IT infrastructure.  Typically, such outsourcing includes outsourcing of activities that would be considered part of a company’s system of financial accounting controls and procedures

While a company may engage one or more service organizations, the company itself remains ultimately accountable for the reliability of the transactions and information generated by each service organization.  To the extent that information processed by a service organization impacts the company’s financial statements, the relevant activities of the service organization become part of the financial accounting controls and procedures of the company and will be subject to evaluation and testing by the company’s external auditors.  

SAS 70 is the commonly used term to refer to audits performed by a CPA firm pursuant to Statement on Audit Standards No. 70, Service Organizations.  A SAS 70 audit is performed by an independent CPA firm engaged by the service organization.  The product of the engagement is a SAS 70 Report that contains a description of the service organizations relevant controls, results of testing of those controls and an auditor’s opinion on the description and the results of testing.  

Service organizations may wish to obtain SAS 70 reports for a variety of reasons-

• to assist customers in their evaluation of their internal controls over financial reporting including as required by the Sarbanes-Oxley Act of 2002,
• to avoid each customer sending their own auditors to the service organization to evaluate and test controls, and
• to provide the service organization with information enabling it to evaluate and monitor its processes and controls relevant to services provided to its customers.

Johnson Lambert & Co. LLP experience in our insurance industry and alternative risk; associations and other non-profits; employee benefit plans industry niches. makes us uniquely qualified to  perform SAS 70 audits for a variety of types of service organizations providing services to those niches including-

• claims administrators
• benefits administrators
• underwriting administrators
• managing general agents (“MGA”)
• captive insurance managers

 

Captive.com posted an article by Johnson Lambert & Co. LLP professionals showing how a SAS 70 audit can significantly streamline your company's efficiency. The article illustrates how a SAS 70 works by presenting us with practical examples we've all experienced that bog us down every day and impact our efficiency. For a reprint of the "SAS 70: A Strategic Advantage in Challenging Times" article now featured on captive.com click here.