Download (Registration Required, 296K)
Provide feedback on this document
Visit the Audit Standards Knowledge Center community
The International Auditing and Assurance Standards Board (IAASB) and the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) have recently approved new standards for reporting on controls at a service organization with a truly global constituency in mind. Under the approach adopted by the IAASB and the ASB, Statement on Auditing Standard No. 70 (SAS 70) will be replaced by two new standards: an attestation standard that will guide service auditors in the conduct of an examination of, and the resulting reporting on, controls at a service organization and an auditing standard that will guide user auditors in consideration of internal control when processing is performed by a service organization.
While these new standards are intended to be a communication from the service auditor to the user independent auditor that permit a user entity independent auditor to fulfill auditing requirements, management at user entities also has recognized its responsibility for designing and implementing internal control over financial reporting, whether performed internally or by a service provider, and acknowledged the benefits of SAS 70 reports as part of their risk management, vendor management or regulatory compliance processes. This paper will address the changes in the new standards and will focus on providing management of user entities with valuable practical guidance on their responsibilities to help ensure that they are ready for the changes.