What does SAS No. 70 assess in a service organization?

SAS No. 70, or Statement on Auditing Standards No. 70, specifically focuses on evaluating the effectiveness of control objectives and activities within a service organization. This auditing standard was developed to provide guidance on how service auditors can report on the controls at a service organization that are relevant to user entities’ internal control over financial reporting. The primary goal is to ensure that the controls in place effectively mitigate risks associated with the services provided.

When a service organization undergoes a SAS No. 70 audit, the audit assesses whether the control objectives are appropriately designed and functioning effectively. This helps the service organization demonstrate to its clients that it has strong internal control processes, thereby fostering trust and compliance with regulatory standards.

The other options, such as assessing employee training, corporate governance structures, or the accuracy of financial statements, are not the focus of SAS No. 70. Instead, these may pertain to different standards or frameworks that target those specific areas.