The worlds of outsourcing and U.S. financial regulation are beginning to coincide. In particular, a number of large (and not-so-large) companies are increasingly insisting on comprehensive regulatory-driven audit requirements as part of their outsourcing arrangements. This can be a
contentious area, with the parties arguing over the scope of the audit and who will pick up the costs, which can be substantial.
The issue is not just confined to U.S. companies or even to the outsourcing of financial services. The relevant laws and standards – the Sarbanes-Oxley Act of 2002 (SOX) and the Statement on Auditing Standards No. 70: Service Organisations (SAS 70) – potentially affect not just U.S.
companies and foreign subsidiaries of U.S. companies, but also any company based outside the U.S. that is subject to U.S. Securities and Exchange Commission (SEC) regulation or that uses U.S. accounting rules.
In order to negotiate these issues effectively, it is vital to understand why a so-called SAS 70 audit is required and what it entails. In this article, we give the background to SAS 70 and its application to outsourcing agreements and aim to answer some of the queries typically raised in respect of SAS 70. We also detail some of the issues that companies need to consider when outsourcing processes
that are subject to SAS 70, and likewise some of the issues that service providers need to know when a customer insists on having SAS 70 audit rights.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.