What is SAS 70?

The Statement on Auditing Standards No. 70 (SAS 70) is an internationally recognised external auditing standard developed by the American Institute of Certified Public Accountants (AICPA).

A SAS 70 Compliant status is a testimony that the service provider has adequate controls and measures in place to host and process confidential data (e.g. payroll data) of its clients.

Why the need?

When the client engages our services, we want our client to have a pleasant experience, be it our professionalism or quality of work produced, thus it is important that our clients know always in compliance. This gives them added confidence in our service level and quality of work.

Even when planning a financial audit for its client, an external auditor is expected to obtain an understanding and evaluation of the controlled risk of his client’s internal controls, which extends to the control of its outsourced providers.

Furthermore, all US-listed companies are legally required to ensure that the companies’ corporate governance and financial reporting comply with the Sarbanes-Oxley Act (SOX) 2002 Section 404, which requires disclosure of controls over financial reporting and the effectiveness of the controls. It states that the public company also has the responsibility to ensure controls over its outsourced service providers. A SAS 70 Service Report from the latter will provide this transparency and facilitate the compliance.

Who issues the Service Report?

An independent accounting firm will evaluate and test the control policies and procedures of a service organisation, like PayrollServe.

 

A Type II Service Report issued by the firm will contain the description of the service organisation’s controls, description of the tests of operating effectiveness and an opinion on whether the controls tested were operating with sufficient effectiveness to provide reasonable assurance that the control objectives were achieved during the test period.

What this means to you?

On a yearly basis, PayrollServe's internal processes will be assessed, tested and passed by an independent accounting firm. This is to assure our client that PayrollServe has met international risk control standards and there are sufficient controls in place to protect clients' data confidentiality.

 

In Singapore, not many service providers in the industry have obtained this auditing standard, which portrays our service commitment and quality assurance that we will provide to you.

SAS 70 Audit - Controls & Objectives

Control Areas
Information and Communication	Application Change Control
Logical & Physical Security	New Account Set Up and Maintenance
Computer Operations	Payroll Data Input and Processing

 

For more information, please click here.