SAS is a global leader in data and AI, delivering and operating mission‑critical software solutions for major industries across the globe. SAS aims to drive its Governance, Risk and Compliance (GRC) program through automation, technology, and rigorous metrics, ensuring they can meet new certification and assurance demands without sacrificing speed or quality.

To streamline its compliance efforts and enhance operational efficiency, SAS actively participates in A-LIGN’s audit harmonization program. This initiative helps SAS consolidate over 10 certifications and attestations into a unified, cohesive process.

The challenge

To maintain trust and security across such a vast operation, SAS relies on its GRC-A team (Governance, Risk, Compliance, and Audit) to manage a complex landscape of public sector and commercial compliance requirements.

While the program’s primary mandates include risk reduction and strict adherence to internal controls, an overarching goal of the GRC-A program is to drive operational efficiency in their processes.

As SAS expanded its certification and assurance engagements, the GRC-A team looked to increase its auditing intake and capabilities.

“There’s no way that we could do all of our assurance engagements if we did them contiguously. There’s just not enough time in the year – A-LIGN harmonized our audit efforts, greatly saving our team valuable time and resources.”
-Cathy Smith, Senior Director of GRC-A

SAS required a focused, long-term strategy that examined compliance obligations across a multi-year horizon.

Why A-LIGN

SAS selected A-LIGN as its audit provider based on a shared long-term strategic vision and a commitment to growing together as assurance needs evolved. From the beginning of the relationship , A-LIGN demonstrated an understanding that SAS’ audit and compliance requirements would expand over time and positioned itself as a strategic partner rather than a transactional service provider.

Rather than focusing solely on immediate audit needs, A-LIGN engaged SAS in forward-looking discussions about business growth, evolving risk profiles, and anticipated assurance demands over the coming years. This approach established a foundation of trust and alignment, enabling the relationship to mature as the scope, complexity, and volume of assurance engagements increased.

As SAS’s assurance program grew, audit harmonization developed as a strategic response to managing multiple frameworks more effectively. A-LIGN’s ability to consolidate and align compliance efforts through its audit harmonization program allowed SAS to increase efficiency, reduce redundancy, and maintain consistency across engagements. By providing an integrated, tailored compliance framework for organizations managing three or more standards, A-LIGN supported SAS in developing a more scalable, sustainable, and mature compliance program aligned with long-term business objectives.

Additionally, SAS found A-LIGN’s A-SCEND audit management platform would play an essential part in streamlining and managing complex, multi-month engagements.

“SAS has a strong growth mindset – and A-LIGN demonstrated a strong desire to grow alongside SAS, providing leadership that aligned with SAS’ own ambitions.“
-Cathy Smith, Senior Director of GRC-A

The results

A-LIGN’s audit harmonization methodology helped SAS streamline multiple audits including, but not limited to — SOC, ISO, FISMA, FedRAMP, and penetration testing engagements — by conducting them simultaneously. This approach maximized efficiency, transforming a traditionally year-long process into streamlined windows that reduced both time and cost, delivering significant gains for SAS’ GRC-A team.

Audit harmonization also improved collaboration between the GRC-A team and the internal IT organization. Instead of conducting multiple audits, the process was consolidated into single interviews or evidence pulls, minimizing disruptions and respecting the IT team’s time.

The A-SCEND platform further enhanced efficiency as it is designed to support organizations operating across multiple compliance frameworks by mapping evidence once and reusing it across audits (e.g., SOC 2, ISO 27001, FedRAMP). This significantly reduced duplicative requests and enabled a harmonized audit experience as assurance programs scale.

Additionally, A-SCEND’s AI capabilities helped SAS identify if existing evidence met new audit requirements or if prior evidence remained valid, reducing redundant work and increasing overall productivity.

“Our key performance indicators focus on productivity, while also considering risk and compliance.  A-LIGN has been instrumental in driving a streamlined and consolidated audit approach, enabling us to save time and improve efficiency.“
-Cathy Smith, Senior Director of GRC-A

As the global compliance landscape evolves, SAS is confident in its strategy, where meticulous planning, advanced technology, and strategic partnerships clear the path for sustainable growth.