Third
Party / SAS 70 Reports - A Regulatory and Standards Update
James Merrill,
CPA, CISA
Risk Advisory Services - Global Third Party Reporting Specialist
Francis P. Thomas,
III, CTA
First Vice President & General Auditor
THE GLENMEDE TRUST COMPANY, N.A.
Philadelphia, Pennsylvania
If you provide investment management, trust or custody services to
clients, you need to have a SAS-70 to distribute to all the
accountants/ auditors of clients who need validation of your internal
controls. Without it, you risk entertaining all those folks who
wish to come learn about your controls for themselves. We’ll briefly
talk about how your institution maximizes the use of their SAS-70
report. But what about the myriad of vendors contracted for outsourced
services? Are their controls important to you? How many of them are you
requesting a SAS-70 report from? How many reports do you actually
receive and what’s done with them? We’ll discuss the advantages to
proactive vendor management using external SAS-70’s as a tool to
document compliance with your vendor management program.