July 2010, TransWorks Completes Type II SAS 70 Audit

TransWorks, is pleased to announce that it has recently completed a service auditor’s review, commonly known as a SAS 70 audit, of its Hosted Application Solutions.  The audit was performed by a nationally recognized independent auditing firm, and was completed in July, 2010.  Included in the scope of the audit were TransWorks’ general controls.

SAS 70 is an acronym for the American Institute of Certified Public Accountants (AICPA) Statement on Auditing Standard (SAS) No. 70, titled “Reports on the Processing of Transactions by Service Organizations”.  SAS No. 70 defines the professional standards used by a service auditor to assess the internal controls of a service organization and issue a service auditor’s report.

In order to complete the audit, TransWorks management developed control objectives for the significant areas of internal control that support the Hosted Applications Solutions. The control objectives in the 2010 report addressed each of the following areas:

• Control Environment
• Physical Security
• Environmental Protection
• Computer Operations
• Information Security
• Data Communications

TransWorks’ service auditor performed extensive testing of the control activities that have been implemented by TransWorks to help ensure that our control objectives are met.  The service auditor’s testing allowed the service auditor to opine on the following:

• Whether the description of the controls prepared by TransWorks presents fairly, in all material respects, the relevant aspects of the TransWorks’ controls that had been placed in operation as of July 2, 2010.
• Whether the controls were suitably designed to provide reasonable assurance that the specified control objectives would be achieved if those controls were complied with satisfactorily;
• Whether the controls that were tested were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the control objectives were achieved during the review period of January 1, 2010, to June 30, 2010.

Following this rigorous examination, the auditing firm was able to issue an unqualified opinion regarding each of the areas described above.

TransWorks management recognizes that Sarbanes-Oxley legislation has placed an increased focus on the internal controls of valued business partners.  The SAS 70 audit report is designed to provide clients with a certain level of assurance regarding the controls that are maintained by TransWorks management.  The SAS 70 report addresses all five components of internal control outlined in the Sarbanes-Oxley legislation, namely the control environment, risk assessment activities, control activities, information and communication systems, and monitoring activities.  The structure of our report is intuitive and is designed to be incorporated well with our clients’ Sarbanes-Oxley compliance programs.

Furthermore, TransWorks' management understands the ever increasing importance of corporate governance, as well as the impact of the organization’s services on our clients’ system of internal controls.  The successful completion of the Year SAS 70 audit is only part of TransWorks’ continued commitment to maintaining a high level of internal control.  TransWorks has engaged its service auditor to a long-term contract whereby TransWorks will undergo a Type 2 audit on an annual basis.

ABOUT TRANSWORKS

TransWorks, www.trnswrks.com, is a wholly owned subsidiary of Norfolk Southern. Based in Fort Wayne, Ind., it develops and implements automated transportation technology and services and provides integrated, end-to-end solutions for carriers, shippers and transportation intermediaries.

Please contact Bruce Cox to obtain further information regarding TransWorks' 2010 SAS 70 audit.