Vengroff, Williams & Associates Completes SAS 70 Type II Certification to Ensure Regulatory Compliance

Vengroff, Williams & Associates, a leading provider of receivable management and business process outsourcing solutions, today announced it has completed a SAS 70 (Statement on Auditing Standards No. 70) Type II audit of Vengroff, Williams & Associates’ controls and procedures.

This widely recognized audit standard can assist VWA’s customers and their auditors to address the requirements of Sarbanes-Oxley. The SAS 70 Type II audit helps affirm that VWA offers a consistent, reliable and secure operating environment to support its 3,000 customers worldwide.

SAS 70 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants. A SAS 70 Type II audit is an in-depth analysis of a service organization’s control over information technology and related processes. A SAS 70 Type II audit is often required by public companies for compliance requirements or for companies that want assurance that a service organization’s processes, procedures and controls described in the report are operating effectively. Successful completion of a SAS 70 Type II audit indicates that processes, procedures and controls have been formally reviewed.

“With the increased emphasis on integrity and security in today’s business environment and a concern for regulatory standards, we see our SAS 70 Type II completion as confirmation of our best practices as well as bridging and ease of partnering with VWA for audit compliance,” said Mark Vengroff, CEO of Vengroff, Williams & Associates. “We’ve exceeded our customers’ needs with the assurance that we’ve instituted the appropriate safeguards to help them meet their goals for success. VWA?s compliance further demonstrates our commitment to providing secure, scaleable and reliable enterprise-level software, processes, and accounting platforms to validate the accuracy and integrity of outsourcing to third-party collections and operations for thousands of clients.”

Service organizations and service providers must demonstrate that they have adequate controls and safeguards when hosting data belonging to their customers. Sarbanes-Oxley now mandates that chief executive officers and chief financial officers of publicly traded companies take personal responsibility for the effectiveness of internal control over financial reporting. As a result, the SAS 70 audit is a preferred method of providing assurance for service organization clients subject to Section 404 of Sarbanes-Oxley. Vengroff, Williams & Associates’ SAS 70 compliance includes:

IT Controls: strict definition and consistent testing

• Application development
• Firewall configuration and access
• Database access
• Data transmissions
• Data backup and recovery
• Application security
• Product development consistency and control

Personnel Controls: strict definition and documented enforcement of staff access to data

• No user permissions to servers or data without specific procedure
• All access and activity logged
• Physical access highly controlled and logged
• Database schema, tables and permissions tightly controlled

Financial controls: strict definition and consistent testing

• Payment processing
• Account reconciliation
• Enforced role definition and separation
• Consistent auditing of balances
• Payable controls

VWA recently reported that the company is in compliance with Section 404 of the Sarbanes-Oxley Act of 2002.