Regulatory Compliance, Governance and Security

Aug 26 2008   12:36PM GMT

SAS 70 & Sarbanes Oxley (SOX) | What You Need to Know



The relationship between Sarbanes-Oxley and SAS 70 begins with Section 404 of the 2002 Sarbanes Oxley Act (SOX). Because management must report annually on it’s effectiveness of internal controls, it then has a fiduciary responsibility and a requirement to inspect on controls considered critical to the organization as a whole, but more importantly, to it’s financial reporting process. Because a large number of publicly traded companies outsource a host of services, these outsourcing providers, known simply as “service organizations”, are considered an integral component for purposes of financial reporting. Therefore, a due-diligence process must be enacted to have their internal controls observed and certified. The Securities and Exchange Commission’s (SEC) Chief Accountant and the Division of Corporation Finance has stated that “In many situations, a registrant relies on a third party service provider to perform certain functions where the outsourced activity affects the initiation, authorization, recording, processing or reporting of transactions in the registrant’s financial statement. In assessing internal controls over financial reporting, management may rely on a Type 2 SAS 70 report.” What’s just as important is that this relationship between SAS 70 and Section 404 of the SOX Act has kicked off a regulatory compliance push that quite frankly, there is no end in sight.

To learn more about SAS 70 audit or to receive a sample SAS 70 Type II report, visit the official SAS 70 Resource Guide.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: