Burt Quick Facts Mission, Vision and Values Credentials/Certifications Licensing Testimonials FAQ's Careers
SAS 70 Certified

Overview Why is SAS 70 Important? What is the significance of a Type II certification? Official Press Release

SAS 70, Type II Certified

Overview
Burt & Associates successfully completed a service auditor’s review, commonly known as a SAS 70 audit, of its general controls environment supporting the debt recovery services. The audit was performed by a nationally recognized independent auditing firm and was completed in March, 2006. Burt & Associates also passed all control objectives on the first audit review.

In order to complete the audit, Burt & Associates’ management developed control objectives for the significant areas of internal control that support the general control environment supporting the debt recovery services. The control objectives in the 2006 report addressed each of the following areas:

  1. Control Environment
  2. Physical Security
  3. Environmental Security
  4. Computer Operations
  5. Information Security

Burt & Associates recognizes that Sarbanes-Oxley legislation has placed an increased focus on the internal controls of valued business partners. The SAS 70 audit report is designed to provide clients with a certain level of assurance regarding the controls that are maintained by Burt & Associates’ management. The SAS 70 report addressed all five components of internal control outlined in the Sarbanes-Oxley legislation, namely the control environment, risk assessment activities, control activities, information and communication systems, and monitoring activities. The structure of our report is intuitive and is designed to be incorporated well with our client’s Sarbanes-Oxley compliance programs.

Why is SAS 70 certification important?

The Statement of Auditing Standards No. 70, Service Organizations (SAS 70) is primarily used by service organizations to communicate the material integrity of controls to financial auditors. SAS 70 then becomes a critical tool for user organizations and their management. Since Sarbanes-Oxley legislation, Section 404 states that chief executive officers (CEOs) and chief financial officers (CFOs) of publicly traded companies take personal responsibility for the effectiveness of internal control over financial reporting. Furthermore, management’s responsibility extends to controls in place at service organizations, making controls at third-party service providers an integral component of CEO and CFO assertions that adequate controls are functioning as intended.

 The Securities and Exchange Commission (SEC) has interpreted Section 404 outsourcing control assessment requirements as follows: “In situations where management has outsourced certain functions to third-party service providers, management maintains a responsibility to assess the controls over the outsourced operations. However, management would be able to rely on the Type II, SAS 70 report.

Accordingly, SAS 70 is designated by the SEC as an acceptable method for management to obtain assertions about service organization internal controls without conducting separate assessments. As a result, the SAS 70 is a preferred method of providing assurance for service organization clients subject to Section 404 and can still be used for other audit-related purposes as well.

What is the significance of a Type II certification?

Commonly known as a “Report on Controls Placed in Operation and Tests of Operating Effectiveness”, or Type II Service Auditor’s Report, these reports provide third-party assurance regarding the operational effectiveness of internal controls over a period of time. Type II is more desirable since it is the more thorough and stringent of the two types of auditing procedures and covers all of the necessary compliance requirements under the Sarbanes-Oxley Act of 2002.