DataPath Successfully Completes SAS 70 Type II Audit

SAS 70 Type II Certification

DataPath Successfully Completes SAS 70 Audits

We have examined the accompanying description of controls related to the DataPath, Inc. (DataPath) environment, which provides services to its users. Our examination included procedures to obtain reasonable assurance about whether:

The accompanying description presents fairly, in all material respects, the aspects of DataPath controls that may be relevant to a user organization’s internal control as it relates to an audit of financial statements;
The controls included in the description were suitably designed to achieve the control objectives specified in the description, if those controls were complied with satisfactorily and user organizations applied the controls contemplated in the design of DataPath controls, and
Such controls had been placed in operation as of June 30, 2007.

The accompanying description includes only those controls and related control objectives of DataPath. The control objectives were specified by the management of DataPath. Our examination was performed in accordance with standards established by the American Institute of Certified Public Accountants and included those procedures we considered necessary in the circumstances to obtain a reasonable basis for rendering our opinion.

In our opinion, the accompanying description of the aforementioned controls presents fairly, in all material respects, the relevant aspects of DataPath controls that had been placed in operation as of June 30, 2007.

Also, in our opinion, the controls, as described, are suitably designed to provide reasonable assurance that the specified control objectives would be achieved if the described controls were complied with satisfactorily and user organizations applied the user control considerations contemplated in the design of DataPath controls.

In addition to the procedures we considered necessary to render our opinion as expressed in the previous paragraph, we applied tests to specific controls, listed in Section III, to obtain evidence about their effectiveness in meeting the control objectives described in Section III, during the period from January 1, 2007 to June 30, 2007.

The specific controls and the nature, timing, extent, and results of the tests are listed in Section III. This information has been provided to user organizations of DataPath and to their auditors to be taken into consideration, along with information about the internal control at user organizations, when making assessments of control risk for user organizations.

In our opinion, the controls that were tested, as described in Section III, were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the control objectives specified in Section III were achieved during the period from January 1, 2007 to June 30, 2007.

The relative effectiveness and significance of specific controls at DataPath and their effect on assessments of controls risk at user organizations are dependent on their interaction with the controls and other facts present at individual user organizations. We have performed no procedures to evaluate the effectiveness of control activities at individual user organizations.

The description of controls at DataPath is as of June 30, 2007. Any projection of such information to the future is subject to the risk that, because of change, the description may no longer portray the controls in existence. The potential effectiveness of specific controls at DataPath is subject to inherent limitations and, accordingly, errors or fraud may occur and not be detected.

Furthermore, the projection of any conclusions, based on our findings, to future periods is subject to the risk that changes made to the system or controls, or the failure to make needed changes to the system or controls, or changes required because of the passage of time may alter the validity of such conclusions.

The information in Section IV of this report is presented by DataPath to provide additional information and is not a part of DataPath’s description of controls placed in operation. The information in Section IV has not been subjected to the procedures applied in the examination of the description of the controls applicable to the processing of transaction for user organizations and, accordingly, we express no opinion on it.

This report is intended solely for the use of management of DataPath, users of its services, and the independent auditors of its users.

Joseph E Maddox, CPA, P.A.
7002 67th Street North
Pinellas Park, FL 33781