Faced with SAS70 Type II request from a client and SOX on the horizon, commenced work with independent SAS70 auditor to outline requirements to achieve Type II compliance, wherein every control had to be demonstrated every six months. Faced with defining a consistent tool for maintaining audit tracking, keeping the auditors to a defined set of tasks was the only way to be successful.
Designed a spreadsheet tracking tool that outlined every control/observation with a defined audit resource. This became the communication document between the auditor and the division. When they sent the spreadsheet with specified time periods for review, several boxes of physical documentation were prepared for their review.
Led first division in company to SAS70 compliance, and audit-tracking tool provided the company with an valuable tool to manage auditors. Documents were prepared ahead of auditors’ onsite visits. After several cycles, onsite review shortened from 10 days down to three, which lowered stress levels around the company based on the speedy review.