Payroll Control Systems, (PCS) has successfully completed the rigorous SAS 70 Type II certification, an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). The SAS 70 process assures our clients that we meet the highest standards for security and have the appropriate controls and safeguards in place.

We’re proud to have earned our certification, but the significance is more important to you and your company, especially with regard to the safety and security of the payroll process performed by PCS.  So, what is a SAS 70 Type II and how is it different from a SAS 70 Type I?

What is SAS 70?

The Statement on Auditing Standards (SAS) No. 70, Service Organizations, is a guideline that allows service organizations to disclose their business control activities and processes to their customers and their customers’ auditors in a uniform reporting format.  A SAS 70 Audit is not a predetermined set of control objectives/activities that organizations must achieve.  However, a SAS 70 Audit allows organizations to demonstrate business control objectives.  It also provides the ability to evolve controls and increase the level of audit evidence, thereby demonstrating improvements to customers and business partners.

SAS 70 Type I vs. SAS 70 Type II

The SAS 70 Type I provides an outline of the procedures, policies and controls that are necessary to ensure effective performance.  It describes controls as of a specific point in time.  The SAS 70 Type II is an independent audit of these procedures, policies, and controls which verifies and validates that the organization is actually following them and that the objectives set forth in Type I are being met.  The Type II includes the description and detailed testing of controls over a minimum six-month period and is usually a recurring and ongoing process.

The auditor’s examination, performed in accordance with standards established by the AICPA, resulted in an opinion that PCS’s controls are “suitably designed to provide reasonable assurance that the specified control objectives would be achieved…”

“By completing this extensive audit, PCS may now better serve financial, healthcare, government and other organizations that are required to substantiate adequate oversight of their service providers,” said Joe Reilly, CEO. “It also reinforces PCS’s position among the elite data processing operators, and validates to customers our willingness to take extensive steps to comprehensively support their business goals.”

PCS’s SAS 70 Type II audit considers a broad number of business processes that include:

Management and Organization

• Organizational Structure
• Assignment of Authority and Responsibility
• Information and Communication
• Internal Control and Monitoring
• Risk Assessment
• Hiring Practices and Human Resource Policies
• Confidentiality Agreement
• Code of Ethics
• Vendor Management

Physical Access

• Office Building
• PCS Offices
• Packout Room
• Server Room

Network Security and Management

Application Security and Management

Operations and Transaction Processing

• Payroll Implementation
• Payroll Processing
• PC Input / Payentry
• Payroll Distribution
• Automated Clearing House (ACH) Processing
• Finance and Administration

Tax Compliance

• Daily and Weekly Tax Procedures
• Monthly Tax Procedures
• Quarterly and Annual Tax Procedures

Subservice Organizations

All of these processes are tested by independent auditors following these procedures:

Inspection: Read documents and reports that contain an indication of performance of the control.  This includes, but is not limited to, reading documents and reports to determine that authorization is evidenced and transaction information is properly recorded and controlled, and examining reconciliations and evidence of review to determine outstanding items are properly monitored, controlled and resolved.

Re-performance: Independently perform the relevant control.  This includes, but is not limited to, comparing reconciliations to proper source documents, assessing the reasonableness of reconciling items, and recalculating mathematical solutions.

Observation: Witnessed the utilization of controls by Company personnel.  This includes, but is not limited to, viewing the functionality of system applications, automated controls, and scheduling routines, and witnessing the processing of transactions.

Inquiry: Interviewed appropriate personnel about the relevant control descriptions, processes and procedures.

To request a copy of our SAS 70 Type II report, click here.

Contact PCS at info@pcspayroll.com or at 763.513.5951.

PCS has engaged WIPFLi, CPAs and Consultants to perform the audit.

For Additional Information:

www.SAS70.com

http://en.wikipedia.org/wiki/SAS_70

Legal Disclaimer: This article is intended for informational purposes only and by no means should replace or substitute other legal documents (governmental or non-governmental) reflecting similar content or advice. If you have any questions concerning your situation or the information provided, please consult with an attorney, CPA, or an HR Professional.

Tags: how to control payroll, Payroll, Payroll Control Systems, SAS 70, SAS 70 Type II, SAS70, why does a payroll system need security or controls

This entry was posted on Tuesday, June 29th, 2010 at 3:57 am and is filed under PCS News, PCS Newsletter Articles. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.