Sarbanes-Oxley and other closely related regulatory changes have altered today's business terrain. Since your firm is being held to a higher degree of accountability, why should you expect any less of your business partners?

In a joint audit of our controls with Crawford & Company since 2005, RSG has retained a reputable firm to conduct our SAS 70 Type II Audit. Audits are conducted in six month intervals ending March 31st and September 30th, with the eventual goal of twelve-month intervals.

RSG's SAS 70 Type II Audit

Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 audit or service auditor's examination is widely recognized because it demonstrates that a service organization has been through an in-depth audit regarding their control activities. RSG's SAS 70 Audit examined and analyzed controls pertaining to information technology and related processes.

There are two types of SAS 70 Audits. In a Type I report, the service organization provides a description of its controls. During the audit, the service auditor evaluates the accuracy of that description and whether the controls were suitably designed to achieve the specified control objectives. A Type II report includes the information from a Type I report as well as analysis and results of detailed tests conducted on the service organization's controls over a six- or twelve-month period.

In RSG's SAS 70 Type II report, the auditors assessed the accuracy of RSG's description of its controls placed in operation and the suitability of the controls' design to achieve the specified control objectives.

Taking the SAS 70 Audit to the Next Level

At RSG, we didn't settle for just a brief SAS 70 Type I audit. In fact, our comprehensive SAS 70 Type II audit is even more detailed and thorough than the standard SAS 70 Type II. In the SAS 70 Type II report, controls were defined into two categories:

Business Process Controls

  • Receipt of Client Data
  • Loading and Processing of Client Data
  • Output and Reports
  • Change Management: Applications and Infrastructure
  • System Development Life Cycle

Information Technology Controls

  • Organizational Administration
  • Physical Security
  • Environmental Safeguards
  • Logical Access
  • Data and Network Security
  • Software Applications
  • Computer Operations
  • Business Continuity and Disaster Recovery Planning

You will find an analysis of the controls in each area has been conducted and proven satisfactory. Details are provided in the complete RSG SAS 70 Type II Audit report, which is available to clients upon written request.

 
  Home | Legal | Privacy
Copyright © 2010 All rights reserved.
Risk Sciences Group, Inc is a subsidiary of Crawford & Company