Major revision planned for Sarbanes-Oxley
By taking a top-down approach to ferreting out fraud, Auditing Standard No. 5 will ease up on IT oversight On May 24, the Public Company Accounting Oversight Board (PCAOB) will vote on Auditing Standard No. 5. If approved, this new standard for audits of internal control will bring about significant changes to Sarbanes-Oxley regulations, which now operate under Auditing Standard No. 2. In particular, Section 404
Recommend ThisBy taking a top-down approach to ferreting out fraud, Auditing Standard No. 5 will ease up on IT oversight
On May 24, the Public Company Accounting Oversight Board (PCAOB) will vote on Auditing Standard No. 5. If approved, this new standard for audits of internal control will bring about significant changes to Sarbanes-Oxley regulations, which now operate under Auditing Standard No. 2.
In particular, Section 404 of the Sarbanes-Oxley Act of 2002 requires companies to assess their internal controls over financial reporting and offer an auditor's report on that assessment. To bring this to fruition, Auditing Standard No. 2 was adopted by the Securities and Exchange Commission.
However, in its latest report, the PCAOB admits that although the oversight has "produced significant benefits" with an increased focus on corporate governance, these benefits "have come with significant cost." If approved by the PCAOB, Audit Standard No. 5 will then be sent on to the SEC, which will decide how long the regulation will be open for public comment before it votes on the standard.
The SEC's goal, according to a PCAOB representative, is to finalize the new rules in time for the next cycle of audits of internal controls for fiscal years ending after Nov. 15, 2007.
I spoke with Patrick Taylor, president and CEO of Oversight Systems, which provides security systems for financial business processes.
The purpose of Sarbanes-Oxley remains the same, to identify fraudulent earning and/or fraudulent financial reports. The difference, however, between Audit Standard No. 5 and Standard No. 2 is the approach. And that difference will have an appreciable effect on IT, in a good way.
"From an IT perspective, [Audit Standard No. 5] will take a lot of the bureaucracy out of compliance," Taylor told me. After four years of dealing with the issues surrounding Section 404, the SEC is actually getting more pragmatic.
The PCAOB admits that the current standard encourages auditors to "perform procedures that are not necessary in order to achieve the intended benefits."
White Paper
D2D Virtual Tape Library Replication Primer
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
White Paper
An Alternative to Virtualization for Datacenter Cost Savings
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
White Paper
Why Your Firewall, VPN, and IEEE 802.11i Aren't Enough to Protect Your Network
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
White Paper
Bringing the Edge to the Data Center
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
- Business-Critical Benefits of Workload Automation Solutions | White Paper
- The Need for Two-Factor Authentication at Enterprise Organizations | White Paper
- Positioning Disk and Tape in a Disk-to-Disk-to-Tape Solution | White Paper
- Log Management: How to Develop the Right Strategy for Business and Compliance | White Paper
- The Essential Series: Security Information Management | White Paper
Sign up to receive InfoWorld Resource Alerts
