Auditors are Urged to Test Information System Integrity

Sarbanes-Oxley is clear: companies must have internal controls in place and the effectiveness of those controls must be audited. However, the law does not address the reliability of the company's information systems, which is now being addressed by the Securities and Exchange Commission, Dow Jones Newswires reported.


Click Here

"We're leveraging our oversight role to encourage public accounting firms to look very closely at information-security controls of those companies," Chrisan Herrod, the SEC's chief security officer, said Tuesday during a conference on cybersecurity, which was reported by Dow Jones.

The SEC is asking auditors to look closely at information-security systems when assessing client companies' internal controls. Companies with fiscal years ending in November are among the first to be required by Sarbanes-Oxley to file an auditor's report on the effectiveness of their internal controls.

The 2002 corporate governance law does not specifically address the assessment of corporate information systems for reliability, but some argue that the systems provide the crux of internal control and financial integrity, Dow Jones reported.

The law "when it was written, may not have been intended to examine information technology, but I think there is some reasonable discussion to be had about whether you can certify the financial statements absent an examination of the information technology infrastructure that supports that," Bob Dix, staff director on the House Technology subcommittee, told Dow Jones.

SEC regulators don't plan to address the deficiency through legislation but rather plan to spread the word to the audit community that the information systems test is a good idea.

"CEOs in corporate America still don't get it," Herrod, who worked as chief security officer for companies including GlaxoSmithKline PLC (GSK) before joining the SEC, told Dow Jones. "They still don't concern themselves with information security...as much as you would think they would, given the events of the last three years."

You may like these other stories...

How are you planning? What tools do you use (or fail to use) for forecasting? PlanGuru is a business budgeting, forecasting, and performance review software company based in White Plains, N.Y. AccountingWEB recently spoke...
Event Date: October 30, 2014, 2 pm ETMany Excel users have a love-hate relationship with workbook links. For the uninitiated, workbook links allow you to connect one Microsoft Excel spreadsheet to other spreadsheets, Word...
Event Date: September 9, 2014, 2:00 pm ETIn this session we'll discuss the types of technologies and their uses in a small accounting firm office. Included will be:The networked office: connecting everything together for...

Already a member? log in here.

Upcoming CPE Webinars

Aug 21
Meet budgets and client expectations using project management skills geared toward the unique challenges faced by CPAs. Kristen Rampe will share how knowing the keys to structuring and executing a successful project can make the difference between success and repeated failures.
Aug 26
This webcast will include discussions of recently issued, commonly-applicable Accounting Standards Updates for non-public, non-governmental entities.
Aug 28
Excel spreadsheets are often akin to the American Wild West, where users can input anything they want into any worksheet cell. Excel's Data Validation feature allows you to restrict user inputs to selected choices, but there are many nuances to the feature that often trip users up.
Sep 9
In this session we'll discuss the types of technologies and their uses in a small accounting firm office.