There's no doubt that Sarbanes-Oxley and other closely related regulatory changes have altered today's business terrain. So while your firm is being held to a higher degree of accountability, why should you expect any less of your business partners?

In a joint audit of our controls, Crawford & Company and RSG commissioned Tidwell Dewitt LLC to conduct a SAS 70 Type II Audit. In the 2005 issue of "Inside Public Accounting", Tidwell Dewitt LLC was recognized as the Sixth Fastest Growing Accounting Firm in the country, and they have built a strong and reputable practice in both the private and public arenas. Tidwell DeWitt LLC is also a prominent member of the International Group of Accounting Firms (IGAF). Audits are conducted in six month intervals ending March 31st and September 30th.

SAS 70 Type II Audit

Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 audit or service auditor's examination is widely recognized because it represents that a service organization has been through an in-depth audit regarding their control activities, which generally include controls over information technology and related processes. RSG's SAS 70 Audit examined and analyzed controls pertaining to information technology and related processes.

There are two types of SAS 70 Audits. In a Type I report, the service organization provides a description of its controls. During the audit, the service auditor evaluates the accuracy of that description and whether the controls were suitably designed to achieve the specified control objectives. A Type II report includes the information from a Type I report as well as analysis and results of detailed tests conducted on the service organization's controls over a period of at least six months.

In RSG's SAS 70 Type II report, the auditors of Tidwell DeWitt LLC, assessed the accuracy of RSG's description of its controls placed in operation and the suitability of the controls' design to achieve the specified control objectives.

Taking the SAS 70 Audit to the Next Level

At RSG, we didn't settle for just a brief SAS 70 Type I audit. In fact, our comprehensive SAS 70 Type II audit is even more detailed and thorough than your standard SAS 70 Type II. In the SAS 70 Type II report, controls were defined into two categories:

Business Process Controls

  • Manual input of data from authorized sources
  • Loading of external data is executed as scheduled and any deviations or exceptions are identified, investigated, and resolved in a timely manner
  • Loading of external data is complete and processing of such data is accurate
  • Output is accurate based on report definition

Information Technology Controls

  • Organizational Administration
  • Security: Environmental, Physical and Logistical
  • Data and Network Security
  • Software Applications
  • Computer Operations
  • Infrastructure
  • Disaster Recovery

A satisfactory analysis of the controls in each area is provided in the complete SAS 70 Type II Audit report, which is available to all clients upon request.
  Home | Legal | Privacy
Copyright © 2008 All rights reserved.
Risk Sciences Group, Inc is a subsidiary of Crawford & Company