TRANSWORKS SUCCESSFULLY COMPLETES
TYPE 2 SAS 70 AUDIT
TransWorks is pleased to announce that it has recently
completed a service auditor’s review, commonly known
as a SAS 70 audit, of its Hosted Application Solutions. The
audit was performed by a nationally recognized independent
auditing firm, and was completed in July, 2007. Included
in the scope of the audit were TransWorks’ general
controls.
SAS 70 is an acronym for the American Institute of Certified
Public Accountants (AICPA) Statement on Auditing Standard
(SAS) No. 70, titled “Reports on the Processing of
Transactions by Service Organizations”. SAS No. 70
defines the professional standards used by a service auditor
to assess the internal controls of a service organization
and issue a service auditor’s report.
In order to complete the audit, TransWorks management developed
control objectives for the significant areas of internal
control that support the Hosted Application Solutions. The
control objectives in the 2007 report addressed each of the
following areas:
- Control Environment
- Physical Security
- Environmental Protection
- Computer Operations
- Information Security
- Data Communications
TransWorks’ service auditor performed extensive testing
of the control activities that have been implemented by TransWorks
to help ensure that our control objectives are met. The service
auditor’s testing allowed the service auditor to opine
on the following:
- Whether the description of the controls prepared by TransWorks
presents fairly, in all material respects, the relevant
aspects of the TransWorks’ controls that had been
placed in operation as of July 6, 2007;
- Whether the controls were suitably designed to provide
reasonable assurance that the specified control objectives
would be achieved if those controls were complied with
satisfactorily; and
- Whether the controls that were tested were operating
with sufficient effectiveness to provide reasonable, but
not absolute, assurance that the control objectives were
achieved during the review period of January 1, 2007, to
July 7, 2007.
Following this rigorous examination, the auditing firm was
able to issue an unqualified opinion regarding each of the
areas described above.
TransWorks management recognizes that Sarbanes-Oxley legislation
has placed an increased focus on the internal controls of
valued business partners. The SAS 70 audit report is designed
to provide clients with a certain level of assurance regarding
the controls that are maintained by TransWorks management.
The SAS 70 report addresses all five components of internal
control outlined in the Sarbanes-Oxley legislation, namely
the control environment, risk assessment activities, control
activities, information and communication systems, and monitoring
activities. The structure of our report is intuitive and
is designed to be incorporated well with our clients’ Sarbanes-Oxley
compliance programs.
Furthermore, TransWorks’ management understands the
ever increasing importance of corporate governance, as well
as the impact of the organization’s services on our
clients’ system of internal controls. The successful
completion of the 2007 SAS 70 audit is only part of TransWorks
continued commitment to maintaining a high level of internal
control. TransWorks has engaged its service auditor to a
long-term contract whereby TransWorks will undergo a Type
2 audit on an annual basis.
ABOUT TRANSWORKS
TransWorks, www.trnswrks.com,
is a wholly owned subsidiary of Norfolk Southern. Based in
Fort Wayne, Ind., it develops and implements automated transportation
technology and services and provides integrated, end-to-end
solutions for carriers, shippers and transportation intermediaries.
Please contact Bruce
Cox to
obtain further information regarding TransWorks’ SAS
70 audit.
|
