SarbOx Guidance Clears Up Nothing

Last month, the Public Company Accounting Oversight Board and the Securities and Exchange Commission attempted to clear up two of the most costly vagaries of the Sarbanes-Oxley Act.

The PCAOB released a new set of standards to help better define what constitutes a “material weakness” in SarbOx compliance, an issue that has been “driving up audit fees like crazy” as internal and external audit teams squabble over different interpretations of the law, says Paul Hamerman, vice president of enterprise applications at Forrester Research Inc.

Meanwhile, the SEC issued this Greenspan-esque clarification on the role of IT in complying with section 404 of SarbOx: “Both management and external auditors must bring reasoned judgment and a top-down, risk-based approach to the 404 compliance process. A one-size-fits-all, bottom-up, check-the-box approach that treats all controls equally is less likely to improve internal controls and financial reporting than reasoned, good faith exercise of professional judgment focused on reasonable, as opposed to absolute, assurance.” Huh?

While Hamerman thinks the moves by the two governing bodies will help in further clarifying SarbOx compliance, he concedes the language is less than direct. “It’s possible a CIO might not get it,” he notes.

CIO Insight Staff