Public companies who use the services of outside suppliers are still responsible for the internal controls on business processes that take place on third-party systems. For Sarbanes-Oxley reporting, that level of accountability can become hard to manage unless the service providers are equipped to meet certain standards for financial reporting and records management.
For SOX, the auditing standard for certifying service provider processes is the American Institute of Certified Public Accountants' SAS 70 Type II report, and any public company should require such a report from their service providers in to complete SOX section 404 certification. For an in-depth look at how outsourcing affects SOX compliance and an action plan to follow, check out Outsourcing Trade-offs: Avoiding the Pitfalls and don't be caught unaware of any weakness in internal controls at your service providers.
See full Article.
Posts
