SAS70 / SSAE 16

Solution & Benefits Lifecycle Related Regulations

ProcessGene™ SAS70 Software – Introduction

The ProcessGene™ GRC software suite provides a complete solution for SAS70 compliance. The SAS70 software is implemented within days, immediately creating compliance visibility and centralized control.

The SAS70 software establishes an automated workflow that reduces the time and cost of compliance enforcement and eliminates manual labor, maintenance of multiple excel spreadsheets, etc. ProcessGene™’s SAS70 software is designed for multi-subsidiary organizations, based on our Multi-Org technology.

ProcessGene is acknowledged worldwide as a leading provider of Business Process Management (BPM) software solutions (see Gartner’s report on ProcessGene).

SAS70 Compliance in a Changing Business Environment

In today’s highly regulated environment, enterprises are increasingly strained by regulatory compliance concerns, while at the same time having to promote the ongoing conduct of business. Executive officers are specifically required to demonstrate capabilities for effective regulatory compliance, and to ensure corporate transparency and visibility into the business.

ProcessGene™ GRC software provides a complete solution for SAS70 compliance. The SAS70 software is implemented within days, and uses automation to reduce the time and cost of compliance enforcement.

Compliance Challenge

The SAS70 regulation (also known as “Statement on Auditing Standard No. 70: Service Organizations”) was introduced 1993 by the Auditing Standards Board of the American Institute of Certified Public Accountants, and has been continually maintained and updated to reflect the dynamic changes in business environment. The SAS70 regulation is aimed at providing guidance to service auditors when assessing the internal control of a service organization and issuing a service auditor report. SAS 70 also provides guidance to auditors of financial statements of an entity that uses one or more service organizations. There are two types of service auditor reports. A Type I service auditors report includes the service auditor’s opinion on the fairness of the presentation of the service organization’s description of controls that had been placed in operation and the suitability of the design of the controls to achieve the specified control objectives. A Type II service auditors report includes the information contained in a Type I service auditors report and also includes the service auditor opinion on whether the specific controls were operating effectively during the period under review. SAS70 applies to service organizations impact the control environment of their customers. Examples of service organizations are: insurance and medical claims processors, trust companies, hosted data centers, application service providers (ASPs), managed security providers, credit processing organizations and clearinghouses.

In June 2011, the SSAE 16 replaced the SAS 70 as the standard for reporting on service organizations. The changes made to the standard will bring your company, and the rest of the companies in the US, up to date with new international service organization reporting standards, the ISAE 3402. Read more about the SSAE 16 and how to adjust your SAS70 compliance practice to this revised regulation.

Ensuring compliance with the SAS70 regulation is an important organizational task, which requires ongoing management of compliance data. The compliance process is continuous and needs to be repeated periodically and closely monitored. Managing officers are personally responsible to maintain the SAS70 compliance, and this responsibility requires significant management attention and allocation of time and effort. Beyond self assessments or assessments of compensated third parties (such as accounting auditors or regulation consultants), the organization may also confront other external audits, such as AICPA, that show little if any tolerance to deficiencies. The ProcessGene credo in this matter is that objective compliance data, maintained by the organization itself, has much higher value than opinions of compensated third parties. We also believe that only an ongoing, continuous process can ensure actual compliance and audit clearance.

Compliance Challenge for Multi-Subsidiary Organizations

Multi-subsidiary organizations are confronting even more complex compliance challenges, due to differences between the business processes and operational characteristics of subsidiaries. Hence, the management and communication of SAS70 compliance in a multi-subsidiary environment becomes an extremely complex task when managed manually or by tools that are not specifically designed for Multi-Org operations.

SAS70 Compliance with the ProcessGene™ GRC Software Suite: Solution & Benefits

ProcessGene™ GRC software provides a complete solution for SAS70 compliance. Our Multi-Org software solution automates the SAS70 compliance lifecycle and offers the following benefits:

  1. Very fast implementation, the SAS70 software is up and running within days
  2. The SAS70 software is based on Multi-Org technology, designed for SAS70 compliance in multi-subsidiary organizations
  3. The SAS70 software features full automation of the SAS70 compliance process using the ProcessGene™ BPM workflow engine, making it the most powerful system in the industry – yet the most intuitive and user friendly
  4. The SAS70 software features central cockpit with dashboards for data analysis and diagnostics- showing quantitative SAS70 compliance fulfillment levels
  5. The SAS70 software features easy and fast access to objective evidence used for external audits
  6. The SAS70 software features direct connectivity to ERP systems (e.g. SAP / Oracle) and ability to extract and process data in real time, and run automated tests
  7. The SAS70 software covers not only SAS70 compliance but also hundreds of other regulations and frameworks – all within the same framework
  8. The most seasoned and comprehensive SaaS (Software as a Service) solution in the GRC domain (see Gartner’s report on ProcessGene)
  9. The SAS70 software improves the quality of SAS70 internal audits and self-assessments

ProcessGene™ “Multi-Org” Technology

ProcessGene™ has been a pioneer and global leader in Multi-Org technology. During the past decade we have mastered a unique expertise in providing software solutions to multi-subsidiary organizations worldwide (see Gartner’s report on ProcessGene). Our SAS70 compliance software has been specifically designed for multi-subsidiary organizations and it features the most comprehensive solution for complex, distributed compliance challenges. Read more about ProcessGene Multi-Org technology.

Screenshots

Project Steps

Process Flowchart

Risk Heat-Map

Risk and Control Dashboards

Controlled vs. Residual Risk Levels

IT Connectivity

Inter-Subsidiary Comparison

Control Dashboards



Continue to: Lifecycle >