The American Institute of Certified Public Accountants (“AICPA”) Statement on Auditing Standards (“SAS”) No. 70, reports on the Processing of Transactions by Service Organizations, provides guidance on factors that independent auditors should consider when auditing the financial statements of an entity that uses a service organization to process certain transactions. It also provides guidance for independent auditors who issue reports on the processing of transactions by a service organization for use by other auditors.

Examples of service organizations include:
• Payroll and payroll tax processing
• Bank trust departments
• Mortgage bankers servicing mortgages for others
• Electronic data processing ("EDP") service centers processing transactions and related data
• Companies that develop, provide, and maintain software used by others

SMART is engaged by various service organizations to audit and report on their policies and procedures placed in operation, changes in the entity’s systems, as a result of our assessment and tests of operating effectiveness. The audits involve: obtaining and understanding an entity’s policies and procedures; inspecting related documents and records; inquiries of management and other personnel; and observation of the service organization’s activities and operations. Tests of operating effectiveness include: examination of system flowcharts and narratives, and performing tests of controls.

Independent auditors of entities using service organizations will read the auditee’s report on policies and procedures placed in operation and (if applicable) tests of operating effectiveness to understand controls at the service organizations, assess control risk and plan their audits.