SAS 70
SAS 70: The Statement on Auditing Standard (SAS ) No. 70 was adopted by the American Institute of Certified Public Accountants around 1993. It was intended to establish a standard for the gathering of evidence on internal controls of a service organization (SO) associated with the delivery of services related to the controls of data for the preparation of financial reports that impact the accuracy of the financial reports. SAS 70 created an audit of internal controls over financial reporting (ICFR) and did not apply to privacy or security audits of Service Organizations Controls. (SOC) The audits were to be performed and reported on by Certified Public Accounts (CPAs) other than the service user’s auditor. The standards of SAS 70 have been replaced by those of a SOC 1 Audit.
