A Guide to the Impact of SAS 70 on Outsourcing Projects


The worlds of outsourcing and U.S. financial regulation are beginning to coincide. In particular, a number of large (and not-so-large) companies are increasingly insisting on comprehensive regulatory-driven audit requirements as part of their outsourcing arrangements. This can be a

contentious area, with the parties arguing over the scope of the audit and who will pick up the costs, which can be substantial.

The issue is not just confined to U.S. companies or even to the outsourcing of financial services. The relevant laws and standards – the Sarbanes-Oxley Act of 2002 (SOX) and the Statement on Auditing Standards No. 70: Service Organisations (SAS 70) – potentially affect not just U.S.

companies and foreign subsidiaries of U.S. companies, but also any company based outside the U.S. that is subject to U.S. Securities and Exchange Commission (SEC) regulation or that uses U.S. accounting rules.

In order to negotiate these issues effectively, it is vital to understand why a so-called SAS 70 audit is required and what it entails. In this article, we give the background to SAS 70 and its application to outsourcing agreements and aim to answer some of the queries typically raised in respect of SAS 70. We also detail some of the issues that companies need to consider when outsourcing processes

that are subject to SAS 70, and likewise some of the issues that service providers need to know when a customer insists on having SAS 70 audit rights.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP | Attorney Advertising

Written by:


Morrison & Foerster LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.