Talk:Statement on Auditing Standards No. 70: Service Organizations

From Wikipedia, the free encyclopedia
Business and economics Portal
This article is within the scope of the Business and Economics WikiProject.
Stub rated as Stub-Class on the assessment scale
Low rated as Low-importance on the assessment scale

Okay, this page is finally created. I'll try to add some more information as soon as possible... :) grafikm_fr 19:14, 26 March 2006 (UTC)

[edit] Criticisms of SAS 70

Is the article "SAS 70: The Emperor Has No Clothes" still valid? The article was copywritten in 2001 before SOX was passed. Once I saw the copyright date, I did not read the article. Saveena 21:21, 6 September 2006 (UTC)

It would be more relevant than before. Law always trumps an organizations' statements. SAS 70 is an Auditor's Employment Security Statement. —Preceding unsigned comment added by 205.231.22.202 (talkcontribs)

The "SAS 70: The Emperor Has No Clothes" article is not valid and contains many inaccuracies and misleading statements. There is no discussion of "law" in the "Emperor" article, as it is simply a security consulting firm's attempt to de-value the purpose of the SAS 70 audit in the form of a "white paper". IMO, it should not ever be used as a source document because it takes an extremely slanted view of the topic. I would refer you to the rebuttal contained at www.sas70solutions.com titled "SAS 70 Audits: A SAS 70 Auditor's Response to the Critics" to understand all of the issues in the Emperor article. (Link: [1]) —Preceding unsigned comment added by SAS70Expert (talk • contribs)

It's not at all surprising that a company that makes its money conducting SAS-70 work would defend the standard. Many of the criticisms in the "Emperor" article are still both reasonable and appropriate. SAS-70 may have a place (and it might be a slightly greater place under SOx) but it does not and can not replace due diligence into the security practices of a company's business partners.
A more balanced presentation that addresses both the criticisms and the rebuttals can be found at CSOonline. Rossami (talk) 20:12, 4 February 2008 (UTC)

All araound the globe there are many more standards copying the SAS 70 approach. E.g. in Germany IDW PS 951. —Preceding unsigned comment added by 145.62.32.131 (talk) 16:58, 4 March 2008 (UTC)