corporate governance

Sarbanes Oxley (SOX) and SAS 70 | What Does the Future Hold?

Sarbanes Oxley and SAS 70 audits have had a monumental impact on corporate governance and compliance. So much so, they almost invented a huge part of the pie. As a SAS 70 auditor, i’m often asked what does the future hold for Sarbanes Oxley (SOX) compliance and also SAS 70.

Well, my friends, let’s take a look at the crystal ball and let me give you my thoughts on SOX and SAS 70.

First and foremost, compliance is NOT going away. Sure, there have been growing pains with the cost and time associated with SOX compliance, but those costs are starting to become greatly streamlined as organizations are finding ways to be more efficient with SOX compliance. In short, it’s here to stay, so consider it a part of life in the business world. With the rash of fraud that occurred on Wall Street which almost toppled the capital markets overnight, there will no doubt be MORE compliance laws, regulations, and rules echoing out of the halls of congress. I would not be worried and thinking too much about SOX, but rather, what else is in the witches brew that could be cooked up on Capital Hill. Think i’m kiding? PCI compliance recently became codified into law in MN with many other states following closely behind.

With SOX staying, you can rest assured that SAS 70 will be hanging around like a little brother. And why not, it’s been a hugely successful internal control auditing mechanism that has shed light on service organizations and how they conduct business.

Compliance is a way of life; as sure as death and taxes. The key is finding a way to meet compliance in a cost-effective and streamlined manner.

SAS70 Audits | A Great Way to Grow your Business

SAS70 audits can be seen as expensive, time consuming, and arduous, to say the least. What’s important to note though is that a SAS70 audit can be seen as a great tool for helping promote and grow your business. Just take a look at the heightened regulatory compliance and corporate governance arena we know live in. Need further proof? How you noticed how many request for proposals (RFP) that are put out to service organizations now require a SAS70 Type II audit report if you want to even be CONSIDERED a viable outsourcing entity.

Sure, they can be time consuming and expensive, but if they help your business grow, and they have done just that for many service organizations, then it should be looked upon as an effective value proposition for your business.

From an operational standpoint, SAS70 Type I and SAS70 Type II audits help you greatly understand your system of internal controls, where you are weak, where your controls are strong, and what has been unearthed during the SAS70 process to help your organization in becoming an entity that truly values controls at all levels throughout your organization.

Want to learn more about SAS70 audits, such as what a SAS70 really is? Then visit the official SAS70 resource guide.