 |
|
|
| INFORMATION |
| Published : |
Mar 23, 2007 |
| Length : |
8 |
| Type : |
White Paper |
|
| |
|
|
| Overview : |
|
The nature of corporate accounting and financial controls has forever been changed by Sarbanes-Oxley legislation. This white paper discusses the ripple effect of the Act on the IT outsourcing community and the new responsibilities and ethics that rest on companies, both public and private, that entrust all or part of their IT environment to an external third party. It’s no longer a matter of “if” your company needs to comply with the Sarbanes-Oxley Act. It’s simply a matter of “when.” To find out more about the importance of compliance for IT outsourcing partners, download this white paper now. |
|
 |
|
| |
| View All Items By This Company |
| Browse Related Categories : |
Compliance, Enterprise Resource Planning, IT Spending, Sarbanes Oxley Compliance, Software Outsourcing |
|
|
|
|
KEY POINTS
- All companies — public and private — will have to comply with the spirit of Sarbanes-Oxley.
- A SAS 70 Type II audit is a virtual requirement for IT service organizations as certification of their control processes.
- Not all SAS 70 audits are equal.
EXECUTIVE SUMMARY
Picture yourself at a business symposium where the introductory speaker asks which of the following had the most dramatic impact on United States businesses:
- The digital age
- Outsourcing
- The China price
- The Sarbanes-Oxley Act
While there’s no “right” answer to this question, a surprising number of C-level executives would likely choose Sarbanes-Oxley. It’s arguably the most significant legislation affecting U.S. business in decades. In just a few years, Sarbanes-Oxley caused dramatic changes in business processes, controls and procedures. It’s also completely redefined management’s accountability to stakeholders and established criminal penalties for non-compliance. And, while the legislation is directed at public companies, the impact on private companies is undeniable.
That said, this white paper is not about the Sarbanes-Oxley Act, although some basic history and background is presented. Instead, we’ve taken a look at the ripple effects of the Act on the IT outsourcing community and the new responsibilities and ethics that rest on companies — both public and private — that entrust all or part of their IT environment to an external third party.
Indeed, the rules have changed for IT outsourcing companies and their clients. Sarbanes-Oxley (referred to as SOX herein) casts a giant shadow over every person and organization that comes in contact with a company’s financial records and reports, and the controls in place to ensure the accuracy of the information reported.
Beyond demonstrating that their own accounting house is clean, it’s clear that public organizations now must ensure that their outsourced business and IT functions and processes comply with the SOX guidelines covering internal controls. Furthermore, private companies should align themselves with the spirit of Sarbanes-Oxley, especially when it comes to outsourcing. In fact, in 2004 the Public Company Accounting Oversight Board (PCAOB) issued a written statement, in which it noted (somewhat ominously), “The use of a service organization does not reduce management’s responsibility to maintain effective internal control over financial reporting.”
Later in this white paper, we’ll look at ways in which outsourcing companies can take proactive measures to meet both the spirit and letter of compliance guidelines through audits such as the well-known SAS 70 and adherence to industry best practices.
BRIEF HISTORY OF THE SARBANES-OXLEY ACT
On July 30, 2002, the American Competitiveness and Corporate Accountability Act of 2002, commonly known as the Sarbanes-Oxley Act, was signed into law. The Act itself comprises eleven major sections, but includes 1,107 individual sections in all. The act is named after its main architects, Senator Paul Sarbanes and Representative Michael Oxley, and its appearance is usually associated with a series of very high profile scandals, such as Enron and Worldcom, among others.
In announcing the signing of the Act, U.S. President George W. Bush, said, “And now with a tough new law we will act against those who have shaken confidence in our markets, using the full authority of government to expose corruption, punish wrongdoers and defend the rights and interests of American workers and investors.” The President, in referring to the then-new Public Company Accounting Oversight Board, commented, “For the first time, the accounting profession will be regulated by an independent board. This board will set clear standards to uphold the integrity of public audits, and have the authority to investigate abuses and discipline offenders. And auditing firms will no longer be permitted to provide consulting services that create confl icts of interest.”
It’s generally acknowledged that Section 404 seems to cause the most difficulties for compliance. Beyond simply setting forth new rules and regulations, Sarbanes-Oxley:
- Established new accountability standards for corporate boards, audit committees and independent auditors
- Established a Public Company Accounting Oversight Board (the PCAOB) under the Security and Exchange Commission (SEC)
- Specified civil and criminal penalties for noncompliance.
|
|
|
|
 |
|
