SAS 70 History and Timeline
While "SAS 70" has become a well-known acronym representing an in-depth audit of a third-party service organization, the original Statement on Auditing Standards (SAS) No. 70 is one of many periodic statements issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). These periodic statements generally involve the modification of existing auditing standards or the introduction of new auditing standards. With the recent passage of the Sarbanes-Oxley Act of 2002, the Public Company Accounting Oversight Board (PCAOB) will also issue auditing standards for public companies on a go-forward basis.
The auditor's consideration of an entity's internal control and the impact a service organization may have on the entity's control environment has long been an area of focus. The following table summarizes some of the Statements relative to internal control, the effect of information technology on a financial statement audit, and service organizations, that have been made since the very first Statement on Auditing Procedure (SAP) in 1939.
|
Statement |
Date
Issued |
Title
of Statement |
|
SAP
No. 29 |
October
1958 |
Scope
of the Independent Auditor's Review of Internal Control |
|
SAP
No. 41 |
November
1971 |
Reports
on Internal Control |
|
SAP
No. 54 |
November
1972 |
The
Auditor's Study and Evaluation of Internal Control |
|
SAS
No. 3 |
December
1974 |
The
Effects of EDP on the Auditor's Study and Evaluation of Internal Control |
|
SAS
No. 44 |
December
1982 |
Special-Purpose
Reports on Internal Accounting Control at Service Organizations |
|
SAS
No. 48 |
July
1984 |
The
Effects of Computer Processing on the Audit of Financial Statements |
|
SAS
No. 55 |
April
1988 |
Consideration
of Internal Control in a Financial Statement Audit |
|
SAS
No. 70 |
April
1992 |
Service
Organizations |
|
SAS
No. 78 |
December
1995 |
Consideration
of Internal Control in a Financial Statement Audit: An Amendment to Statement
on Auditing Standards No. 55 |
|
SAS
No. 88 |
December
1999 |
Service
Organizations and Reporting on Consistency |
|
SAS
No. 94 |
May
2001 |
The
Effect of Information Technology on the Auditor's Consideration of Internal
Control in a Financial Statement Audit |
|
PCAOB
No. 2 |
March
2004 |
An
Audit of Internal Control over Financial Reporting in Conjunction with an
Audit of Financial Statements. Note: Appendix B refers to Service
Organizations. |
|
PCAOB
No. 5 |
May
2007 |
An
Audit of Internal Control over Financial Reporting that is Integrated with an
Audit of Financial Statements. Note: Appendix B17-B17 covers Service
Organization considerations. |
|
ISAE
No. 3402 |
December
2009 |
Assurance
Reports on Controls at a Service Organization |
|
SSAE
No. 16 |
June
2010 |
Reporting
on Controls at a Service Organization |
If you need further information, feel free to send an e-mail to: info@sas70.com.
Copyright 2000-2010