SAS 70 Service Auditor’s Opinion Templates free download

Download Free SAS 70 (Statement on Auditing Standards no 70) Service Auditor’s Opinion Templates


To XYZ Service Organization:
We have examined the accompanying description of controls related to the ABC application of XYZ Service Organization. Our examination included procedures to obtain reasonable assurance about whether
(1) The accompanying description presents fairly, in all material respects, the aspects of XYZ Service Organization’s controls that may be relevant to a user organization’s internal control as it relates to an audit of financial statements,

(2) The controls included in the description were suitably designed to achieve the control objectives specified in the description, if those controls were complied with satisfactorily, and

(3) Such controls had been placed in operation as of .

The control objectives were specified by XYZ. Our examination was performed in accordance with standards established by the American Institute of Certified Public Accountants and included those procedures we considered necessary in the circumstances to obtain a reasonable basis for rendering our opinion.

In our opinion, the accompanying description of the aforementioned application presents fairly, in all material respects, the relevant aspects of XYZ Service Organization’s controls that had been placed in operation as of . Also, in our opinion, the controls as described are suitably designed to provide reasonable assurance that the specified control objectives would be achieved if the described controls were complied with satisfactorily.

In addition to the procedures we considered necessary to render our opinion as expressed in the previous paragraph, we applied tests to specific controls, listed in Section III, to obtain evidence about their effectiveness in meeting the control objectives, described in Section III, during the period from to . The specific controls and the nature, timing, extent, and results of the tests are listed in Section III.

This information has been provided to user organizations of XYZ Service Organization and to their auditors to be taken into consideration, along with information about the internal control at user organizations, when making assessments of control risk for user organizations. In our opinion, the controls that were tested, as described in Section III, were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the control objectives specified in Section III were achieved during the period from to .

The relative effectiveness and significance of specific controls at XYZ Service Organization and their effect on assessments of control risk at user organizations are dependent on their interaction with the controls and other factors present at individual user organizations. We have performed no procedures to evaluate the effectiveness of controls at individual user organizations.

The description of controls at XYZ Service Organization is as of , and information about tests of the operating effectiveness of specific controls covers the period from to . Any projection of such information to the future is subject to the risk that, because of change, the description may no longer portray the controls in existence. The potential effectiveness of specific controls at the Service Organization is subject to inherent limitations and, accordingly, errors or fraud may occur and not be detected. Furthermore, the projection of any conclusions, based on our findings, to future periods is subject to the risk that changes may alter the validity of such conclusions.

The information in Section IV of this report is presented by XYZ Service Organization to provide additional information and is not a part of the XYZ Service Organization’s description of controls placed in operation. The information in Section IV has not been subjected to the procedures applied in the examination of the description of the controls applicable to the processing of transactions for user organizations and, accordingly, we express no opinion on it.

This report is intended solely for use by the management of XYZ Service Organization, its customers, and the independent auditors of its customers.

Signed – Audit Firm Name
Date