Business requirement: Be SAS-70 saavy

Since passage of Sarbanes-Oxley Act 2002, the Statement on Auditing Standards No. 70, Type II audit report (SAS 70) has become a virtual business requirement for service and outsourcing providers—especially those serving publicly traded firms.

In fact, many corporations consider it a liability to use the services of an external vendor that does not have a SAS 70 Type II report, leading them to reevaluate all of their outsourcing arrangements and partnerships.

Benefits automation specialist bswift recently received the SAS 70, which is widely used to assess the internal controls of a service organization as they pertain to hosting and processing their customers' data, as well as financial reporting.

“As a service provider doing business with many publicly traded companies… [and] given the volume of sensitive employee data that bswift processes on a daily basis, it is imperative that we have a SAS 70 Type II audit report,” says Rich Gallun, CEO, bswift. “It is vital that we have an outside entity verify that we have a high level of security and that we really do what we say we do.”

While initially perceived by many corporate executives as a compliance annoyance, Sarbanes-Oxley served as a stimulus to many corporate organizations to revisit their internal processes, and move away from manual processing for functions such as benefits administration to reduce errors and tighten controls.

Because of the inefficiencies inherent in many HR processes, benefits administration automation is an easy target for leveraging Sarbanes-Oxley compliance, and has fueled tremendous growth for bswift over the past few years.

“Completing the SAS 70 Type II audit process was not an easy task, but it has already reaped great dividends for bswift with streamlined internal processes, as well as meeting the needs of our clients,” reports Gallun.