In April 1992, the American Institute of CPAs created Statement for Auditing Standard (SAS 70), which was designed to establish professional standards for auditing service providers, such as third party administrators (TPAs). SAS 70 engagements were performed primarily on large service providers. Then in mid-2004, when the Public Company Accounting Oversight Board (PCAOB) released Auditing Standard #2 as part of the Sarbanes Oxley (SOX legislation), the use of SAS 70 reports grew in importance.

Basically, PCAOB #2 established new standards requiring external auditors to perform an audit of a company’s internal controls, including those services that are outsourced. This standard also allows the external auditor to rely upon a SAS 70 report prepared by a service provider’s own auditor in meeting this requirement. Needless to say, PCAOB #2 resulted in an increase in the number of SAS 70 engagements.

Click here to read more.