SAS 70 & SSAE 16 Template
Service organizations are, at times, companies that provide outsourced services that impact the control environment of their customers. It is vital that service companies provide their customers with a reliable statement on the management of controls at the customer. SAS 70, and the new initiatives that replace it ISAE 3402 and SSAE 16 is recognized around the world as a label of quality for a service organization.
There are two types of service auditor reports:
• Type I
A Type I SAS-70 internal control report states the proper design of all relevant controls. A Type I certification is the most basic certification.
• Type II
A Type II SAS-70 internal control report not only states the proper design of controls, but also that all controls are operating effectively. The Type II certification is the most advanced SAS-70 certification.
Best practice for SAS 70 compliance
BWise Governance, Risk and Compliance (GRC) management software enables the arrangement of internal controls and their assessment as required by SAS 70. Based on best practices, BWise provides a foundation for the proper design of an internal control framework. The resulting framework further enables a service organization to identify relevant risks and controls in the organization. BWise also provides an integrated assessment component to validate the description and design of these controls. Assessments can then be recorded and compiled in the BWise solution, ultimately resulting in a Type I internal control report. The BWise SAS-70 solution also has the ability to validate the effective operation of controls in the service organization, providing results for a Type II internal control reports.
ISAE 3402 and SSAE 16
BWise can not only assist an organization with its Type I and Type II service auditor reports, but can also assist with and enable the requirements of ISAE 3402 and SSAE 16. The BWise GRC platform can help in the creation and development of a service organization’s description of its system, the written assertion to accompany that description and the organization’s identified risks that could threaten the achievement of its controls objectives; all as required by the new initiatives ISAE 3402 and SSAE 16.
Using BWise and the SAS 70 template, compliance with all internal control audit requirements are accomplished in the most cost effective and efficient way. Audits can be performed rapidly and efficiently, with all required information readily available, saving substantial audit costs. In addition, BWise offers a completely integrated GRC software platform, with components that can not only assist with internal controls, but also with risk management and embedding governance and compliance processes into your organization.
To find out more about all the products from BWise, please click here.