Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 audit or service auditor's examination is widely recognized, because it represents that a service organization has been through an in-depth audit of their control activities, which generally include controls over information technology and related processes.

In today's global economy, service organizations or outsourcing providers must demonstrate that they have adequate controls and safeguards when they handle data belonging to their customers. In addition, the requirements of the Sarbanes-Oxley Act of 2002, and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) make SAS 70 audit reports even more important to the process of reporting on effective internal controls at service organizations.

SAS 70 compliance provides clients with reassurance that clients' data are being handled by service professionals that have a clearly defined and secure process for data eradication. Clients should never settle for a service provider that does not have SAS 70 compliance.

SAS 70 History in Hewitt HR Outsourcing

• Hewitt is committed to maintaining strict controls across the various processes which govern our company and the delivery of our HR outsourcing services
• Hewitt was globally re-certified SAS 70 compliant in 2008
• In China, our first SAS 70 Type II audit commenced on August 12, 2005 and we received the final report by April 30 2006
• A clean report for 2007 was also issued to Hewitt HRO China at the end of 2007
• Our 2008 audit cycles started in Jul. 2008 and will complete in Jan. 2009
• Our local commitment to SAS 70 sets us apart from our competitors and ultimately enables us to provide better service to our clients