SAS 70: History and Timeline

SAS 70 History and Timeline

While "SAS 70" has become a well-known acronym representing an in-depth audit of a third-party service organization, the original Statement on Auditing Standards (SAS) No. 70 is one of many periodic statements issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). These periodic statements generally involve the modification of existing auditing standards or the introduction of new auditing standards. With the recent passage of the Sarbanes-Oxley Act of 2002, the Public Company Accounting Oversight Board (PCAOB) will also issue auditing standards for public companies on a go-forward basis.

The auditor's consideration of an entity's internal control and the impact a service organization may have on the entity's control environment has long been an area of focus. The following table summarizes some of the Statements relative to internal control, the effect of information technology on a financial statement audit, and service organizations, that have been made since the very first Statement on Auditing Procedure (SAP) in 1939.

Statement Date Issued Title of Statement

SAP No. 29 October 1958 Scope of the Independent Auditor's Review of Internal Control

SAP No. 41 November 1971 Reports on Internal Control

SAP No. 54 November 1972 The Auditor's Study and Evaluation of Internal Control

SAS No. 3 December 1974 The Effects of EDP on the Auditor's Study and Evaluation of Internal Control

SAS No. 44 December 1982 Special-Purpose Reports on Internal Accounting Control at Service Organizations

SAS No. 48 July 1984 The Effects of Computer Processing on the Audit of Financial Statements

SAS No. 55 April 1988 Consideration of Internal Control in a Financial Statement Audit

SAS No. 70 April 1992 Service Organizations

SAS No. 78 December 1995 Consideration of Internal Control in a Financial Statement Audit: An Amendment to Statement on Auditing Standards No. 55

SAS No. 88 December 1999 Service Organizations and Reporting on Consistency

SAS No. 94 May 2001 The Effect of Information Technology on the Auditor's Consideration of Internal Control in a Financial Statement Audit

PCAOB No. 2 March 2004 An Audit of Internal Control over Financial Reporting in Conjunction with an Audit of Financial Statements. Note: Appendix B refers to Service Organizations.

If you need further information, feel free to send an e-mail to: info@sas70.com.

Return to the Main Index

Statement	Date Issued	Title of Statement
SAP No. 29	October 1958	Scope of the Independent Auditor's Review of Internal Control
SAP No. 41	November 1971	Reports on Internal Control
SAP No. 54	November 1972	The Auditor's Study and Evaluation of Internal Control
SAS No. 3	December 1974	The Effects of EDP on the Auditor's Study and Evaluation of Internal Control
SAS No. 44	December 1982	Special-Purpose Reports on Internal Accounting Control at Service Organizations
SAS No. 48	July 1984	The Effects of Computer Processing on the Audit of Financial Statements
SAS No. 55	April 1988	Consideration of Internal Control in a Financial Statement Audit
SAS No. 70	April 1992	Service Organizations
SAS No. 78	December 1995	Consideration of Internal Control in a Financial Statement Audit: An Amendment to Statement on Auditing Standards No. 55
SAS No. 88	December 1999	Service Organizations and Reporting on Consistency
SAS No. 94	May 2001	The Effect of Information Technology on the Auditor's Consideration of Internal Control in a Financial Statement Audit
PCAOB No. 2	March 2004	An Audit of Internal Control over Financial Reporting in Conjunction with an Audit of Financial Statements. Note: Appendix B refers to Service Organizations.