“Putting all your faith in a vendor’s claim to be SAS 70 certified is one of the riskiest move you can make on behalf of your company,” the article cautions. The same is apparently true for Type I or Type II certifications.

The argument is that there may be a conflict of interest when the company is paying their auditors directly, and the highlighted comparison was of the subprime loans that were the impetus for today’s financial crisis. They were signed off by auditors that were on the payroll of the companies needing the recommendation.

The question that follows is, “So, should I never trust a company that pays for a third party auditor?” That is absolutely NOT what this article is trying to communicate. But any company looking to invest in the services of another should definitely practice some caution instead of trusting a company implicitly when it claims to be certified. It’s never out of line to ask for a report.

Read the rest of the article here, and jump to the other article it cites: www.SAS70Wiki.com