Scribblings of a Microsoft Dynamics GP MVP
Achieve Compliance Objectives with Microsoft Dynamics GP
Hi all
I was following a question in the community about compliance standards in Dynamics GP, and there was a response from Tirumal Boppanna, who is the forum moderator from Microsoft.
Note that you need to be a Certified (or) Gold Certified Partner to access this forum.
I have decided to post an extract of his response in this article for the purpose of the community.
“SAS No. 70 is the authoritative guidance that allows service organizations to disclose their control activities and processes to their customers and their customers’ auditors in a uniform reporting format. A SAS 70 examination signifies that a service organization has had its control objectives and control activities examined by an independent accounting and auditing firm. A formal report including the auditor’s opinion ("Service Auditor’s Report") is issued to the service organization at the conclusion of a SAS 70 examination.
SAS 70 is a certification of financial services not software. For example ADP needs to provide SAS 70 certification to customers that it provides payroll services, so that customer has a guarantee there are proper controls and compliance around that service. It’s not a requirement nor is there a certification (that I’m aware of) that would provide our software with a similar certification.
This kind of certification needs to be done through internal controls and compliance processes and testing, and we do not nor can we “certify” that the software is being used in a manner that ensures internal controls and compliance.
So, SAS 70 certification is really up to the businesses themselves – those that are using our software. With our software, we are helping to enable businesses to become certified or compliant, versus developing our software to achieve certification or compliance. We are confident that Microsoft Dynamics GP falls in line with this.
We do have a Compliance white paper that is attached to this mail – it does not specifically call out SAS 70, but it does address the premise above, as well as some of our software development strategy to help enable companies to achieve compliance.”
He has also provided a link to a white paper which focuses on how to achieve compliance objectives with Dynamics GP 10 (which is also applicable for Dynamics GP 2010). The link is provided below.
Help Achieve Compliance Objectives with Microsoft Dynamics GP 10.0
Note that you need to have access to Partnersource to download this document.
Hope this throws some light into how to achieve compliance objectives with Dynamics GP, to the community. Thanks Boppanna for his response. 
Until next post…