Let's take a look at how a SAS 70 Audit increase the management of risks.  The simple diagram below depicts a basic risk model.

These processes have inherent risks which can devistate the company's objectives.  A good risk management program identifies the risks particular to the business, places risk mitigators in place or monitors, and takes action based on knowledge of the process+risks.

Risk Circle:

•Operational Risk Management starts and stops with process

•Process failures cause losses

•Process is composed of people, information systems, and operational assets
 

Why Risk Management?  Answers are simple but key to success:

• Anticipation and avoidance of risk
• Reduced $ losses
• Reduced earnings volatility
• Improved process control
• Accurate loss forecasts and reserve allocations
• Forward looking view on risk profile

When a SAS 70 Audit is performed, management must analyze what makes their company function:  known as "processes".

A SAS 70 Audit's first step is to identify the processes within the company, then discuss what can go wrong, known as risks, and finally, the controls put into place by management are documented and tested.

This is what you call value:  SAS 70 Audit = Risk Management = Value