SarbOx Guidance Clears Up Nothing
Last month, the Public Company Accounting Oversight Board and the Securities and Exchange Commission attempted to clear up two of the most costly vagaries of the Sarbanes-Oxley Act.
The PCAOB released a new set of standards to help better define what constitutes a "material weakness" in SarbOx compliance, an issue that has been "driving up audit fees like crazy" as internal and external audit teams squabble over different interpretations of the law, says Paul Hamerman, vice president of enterprise applications at Forrester Research Inc.
Meanwhile, the SEC issued this Greenspan-esque clarification on the role of IT in complying with section 404 of SarbOx: "Both management and external auditors must bring reasoned judgment and a top-down, risk-based approach to the 404 compliance process.
A one-size-fits-all, bottom-up, check-the-box approach that treats all controls equally is less likely to improve internal controls and financial reporting than reasoned, good faith exercise of professional judgment focused on reasonable, as opposed to absolute, assurance." Huh?
While Hamerman thinks the moves by the two governing bodies will help in further clarifying SarbOx compliance, he concedes the language is less than direct. "It's possible a CIO might not get it," he notes.