Our Methodology
Interested in a SOC Report
(SSAE 16/AT 101) or SAS 70 Audit Proposal?
Resource Center
June 15, 2011
SAS 70 Reporting Standards will be replaced by Service Organization Control (SOC) Reports.Our experience shows that the best way to provide great service is to create a clear process, then communicate it so everyone understands. Our methodology is a framework to gather and process the relevant information so that:
- Both the auditor and client understand their roles and responsibilities from the very beginning
- The client experiences minimal disruption
- The final product - the report - is useful to both the client and its customers
Our Methodology consists of the following phases:
- Business Process Understanding
- Control Design Assessment
- Control Gap Analysis
- Gap Closure Review
- Control Objective/Control Description Analysis
- Management Validation of Control Description
- PKM Test of Operating Effectiveness of Key Controls
Not all steps are performed for all audits. For instance, continuing clients (those we previously audited) would not require a Control Gap Analysis unless significant changes occurred.
Find us on 
| About
Us | People | Services
| Industries | Careers
| Site Map | Home |
Events |
Contact Us |
| About
Us | People | Services
| Industries | Careers
| Site Map | Home |
Events |
Contact Us |
Copyright 2011. All rights reserved. Secure
Document Transfer or Secure Payment Processing
