r*****e
发帖数: 4598 | 1 想请教一下关于审计中如何对 SOX相关的规定的审计的 比如如何查implementation
and the compliance of SOX 302 , 303, 404 等
另外 SAS 70 的该如何具体操作呢
希望有经验的达人分享一下 谢谢啦 | r*****e
发帖数: 4598 | | q****t
发帖数: 125 | 3 I only had some experience with some client's SAS 70 reports on their
outsourced payroll services or 401(k) services. We obtained the service
provider's SAS70 reports by a CPA firm (normally a big 4) that covered the
audit period, read the report especially the findings, and evaluated the
adquancy of the controls of the service provider. We then relate the
evaluation to our risk assessment. If our client had compensating controls
in place to mitigate the risks associated with the SAS 70 findings, we just
document it and move on. If we think the client needs to implement
additional controls, we'd recommend to client to do so and/or revise our
audit procedures and/or write it up in management letter depending on how
bad it is.
Whatever audit procedures your firm use, there should be instructions on how
to audit these. |
|
