Coming Sarbox Audit Challenges

Source: IT Business Edge | Priority: Managing Compliance Standards | Topic: Sarbanes-Oxley
Date Published: 9/29/2005

With Marty Judge, vice president of marketing of Ecora, a provider of configuration and change management software solutions supporting IT control, security, and compliance. As vice president of marketing, Judge is responsible for driving Ecora's marketing initiatives, strategic messaging, and product management.

Question: What differences in Sarbanes-Oxley auditing can companies expect in Year Two as opposed to Year One?
Judge: In Year One, auditors were amenable to determining that a company was in compliance at the time of the audit. For Year Two, they want companies to demonstrate that they were in compliance during a period before the audit. In other words, it won't be enough to show you're in compliance as of Dec. 31. You're going to have to show you've been in compliance from Jan. 1 to Dec. 31. We also are hearing that in Year Two there is going to be greater scrutiny on the IT infrastructure front. In Year One, auditors were focusing around 15 percent of their efforts on IT infrastructure. They're talking about a 30 percent to 40 percent focus on IT infrastructure in Year Two. This greater level of scrutiny means companies will have to supply greater levels of information and documentation to continue to be in compliance.

Question: What challenges do companies face in demonstrating this enhanced level of compliance?
Judge: The first challenge is how you are going to provide adequate documentation on infrastructure and controls when the environment is changing, sometimes on a minute-by-minute basis. Depending on the size of the environment and the nature of the business, if you are not able to keep up with the changes and make sure that the controls are updated, you're going to be out of compliance. A Windows server can take four to eight hours to fully document. Some large organizations can have hundreds if not thousands of servers. IT administrators will spend untold hours trying to document all of these servers if they attempt to do so manually. But because the infrastructure is subject to change, the documentation is likely to be out of date by the time the process is finished.

Question: What approaches can companies take to deal with these problems?
Judge: Some companies are approaching compliance as a pain point and trying to deal with it by applying a point solution. Others view it as a best-practice process. Some view compliance as a tax while others say it is an opportunity to get their infrastructure under control. They realize that they need not only to comply with regulations but also to improve security controls to meet the needs of the company. From an economic standpoint, since Sarbanes-Oxley compliance is not a project but an ongoing program, it makes more sense to use the compliance process to leverage a number of different sections of the IT infrastructure. One reason this approach has not yet caught on in a big way is that there are not too many areas of the IT organization with different focuses. They're not all singing from the same hymn book.