Auditors are Urged to Test Information System Integrity

Sarbanes-Oxley is clear: companies must have internal controls in place and the effectiveness of those controls must be audited. However, the law does not address the reliability of the company's information systems, which is now being addressed by the Securities and Exchange Commission, Dow Jones Newswires reported.


Click Here

"We're leveraging our oversight role to encourage public accounting firms to look very closely at information-security controls of those companies," Chrisan Herrod, the SEC's chief security officer, said Tuesday during a conference on cybersecurity, which was reported by Dow Jones.

The SEC is asking auditors to look closely at information-security systems when assessing client companies' internal controls. Companies with fiscal years ending in November are among the first to be required by Sarbanes-Oxley to file an auditor's report on the effectiveness of their internal controls.

The 2002 corporate governance law does not specifically address the assessment of corporate information systems for reliability, but some argue that the systems provide the crux of internal control and financial integrity, Dow Jones reported.

The law "when it was written, may not have been intended to examine information technology, but I think there is some reasonable discussion to be had about whether you can certify the financial statements absent an examination of the information technology infrastructure that supports that," Bob Dix, staff director on the House Technology subcommittee, told Dow Jones.

SEC regulators don't plan to address the deficiency through legislation but rather plan to spread the word to the audit community that the information systems test is a good idea.

"CEOs in corporate America still don't get it," Herrod, who worked as chief security officer for companies including GlaxoSmithKline PLC (GSK) before joining the SEC, told Dow Jones. "They still don't concern themselves with information security...as much as you would think they would, given the events of the last three years."

You may like these other stories...

Cybersecurity is no longer the domain of an organization's IT staff. It's moved to the boardroom, and in a big way. Accountants and financial managers may have been thinking it's just the province of the tech...
You probably don't want to think about how many times you access the File menu in Excel 2010 or 2013. Personally I think Excel 2010 has the best possible File menu arrangement, other than having Print Preview grafted...
Following other recent high-profile hacking events, investigators discovered yesterday that hackers broke into the draft work paper files of several famous CPA firms. Revealing images of the scantily clad documents have been...

Already a member? log in here.

Upcoming CPE Webinars

Sep 24
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.
Sep 30
This webcast will include discussions of important issues in SSARS No. 19 and the current status of proposed changes by the Accounting and Review Services Committee in these statements.
Oct 21
Kristen Rampe will share how to speak and write more effectively by understanding your own and your audience's communication style.
Oct 23
Amber Setter will show the value of leadership assessments as tools for individual and organizational leadership development initiatives.