Executive Briefings

SAS 70 Audit Offers Benefits to 3PLs and Their Customers; Transplace Shows How It Is Done

As 3PL and 4PL partnerships have matured and expanded, the types and amounts of information that companies share with their providers has increased.  This greater openness clearly has operational benefits and serves to strengthen partnerships, but it also comes with concerns about data security.

Transplace has directly addressed those concerns by investing in an SAS 70 audit. The Statement on Auditing Standards (SAS) No. 70 is widely recognized and developed for service organizations by the American Institute of Certified Public Accountants (AICPA).  A service auditor's examination performed in accordance with these standards confirms that a service organization has been through an in-depth audit of their control objectives and control activities, which often include controls over information technology and related processes.

Transplace recently completed its third annual SAS 70 audit. "We obtained our first SAS 70 Report in 2008 and understand the importance of continuing these standards for our customers," says Transplace Executive Vice President and Chief Financial Officer Steve Crowther.  He explains that in recent years, Transplace moved to a virtualized server environment, while also enhancing its data center by relocating to a remote location. "As a leading on-demand company, we want to ensure the proper controls remain in place to ensure our customers' data is protected according to the highest of standards," Crowther says. "The success of the SAS 70 Type II audit confirms that controls are aligned and our processes are not only robust, but also efficient."

The Transplace audit was conducted by Weaver (formerly Weaver & Tidwell, L.L.P.), one of the largest certified public accounting firms in the nation.

I don't know the extent to which other third-party providers engage in such audits, but it certainly seems like a good way to give both parties some peace of mind. For the provider, a SAS 70 procedure provides an independent assessment of control policies and procedures that may identify opportunities for improvements. From the customer's perspective, a Service Auditor's Report provides valuable information regarding the effectiveness of their partner's controls - information that often is useful in a firm's own auditing process.

Hats off to Transplace for taking the lead on this best practice!

Comment on This Story

As 3PL and 4PL partnerships have matured and expanded, the types and amounts of information that companies share with their providers has increased.  This greater openness clearly has operational benefits and serves to strengthen partnerships, but it also comes with concerns about data security.

Transplace has directly addressed those concerns by investing in an SAS 70 audit. The Statement on Auditing Standards (SAS) No. 70 is widely recognized and developed for service organizations by the American Institute of Certified Public Accountants (AICPA).  A service auditor's examination performed in accordance with these standards confirms that a service organization has been through an in-depth audit of their control objectives and control activities, which often include controls over information technology and related processes.

Transplace recently completed its third annual SAS 70 audit. "We obtained our first SAS 70 Report in 2008 and understand the importance of continuing these standards for our customers," says Transplace Executive Vice President and Chief Financial Officer Steve Crowther.  He explains that in recent years, Transplace moved to a virtualized server environment, while also enhancing its data center by relocating to a remote location. "As a leading on-demand company, we want to ensure the proper controls remain in place to ensure our customers' data is protected according to the highest of standards," Crowther says. "The success of the SAS 70 Type II audit confirms that controls are aligned and our processes are not only robust, but also efficient."

The Transplace audit was conducted by Weaver (formerly Weaver & Tidwell, L.L.P.), one of the largest certified public accounting firms in the nation.

I don't know the extent to which other third-party providers engage in such audits, but it certainly seems like a good way to give both parties some peace of mind. For the provider, a SAS 70 procedure provides an independent assessment of control policies and procedures that may identify opportunities for improvements. From the customer's perspective, a Service Auditor's Report provides valuable information regarding the effectiveness of their partner's controls - information that often is useful in a firm's own auditing process.

Hats off to Transplace for taking the lead on this best practice!

Comment on This Story