New guidelines for auditors of Sarbanes-Oxley compliance could take effect later this week, lowering the cost of SOX initiatives and reducing companies’ dependence on auditors to interpret SOX requirements. The Public Company Accounting Oversight Board (PCAOB) — a private, nonprofit entity that gives guidance to the many auditors who evaluate SOX compliance — on Thursday is scheduled to vote on a range of new recommendations, many of which will make it easier and less expensive for companies to meet the legal regulations. “These changes could have a very profound effect on the whole compliance effort,” says Chris Davis, manager of compliance knowledge management at Cybertrust, which offers security and compliance tools and services.<\/p>\n","protected":false},"excerpt":{"rendered":"
“If it passes, it will allow companies and auditors to worry more about the things that matter when it comes to financial fraud,” says Patrick Taylor, CEO of Oversight, which makes software for analyzing the accuracy and security of financial transactions. Companies will be able to focus their attention on the more common paths to fraud, such as changes to the general ledger and revenue recognition, and not worry about unlikely paths, like backup.”<\/p>\n
The chief problem is that the law, which is designed to keep public companies from cooking their own books, is extremely vague in its requirements, particularly with regard to IT. “For example, the current guidelines require the auditor do a walk-through of every transaction path that might result in a change to financial data,” says Davis. “In a large company, you can imagine how many transaction paths there are.”<\/p>\n
But the PCAOB’s proposed changes to the audit standards would allow companies to perform a risk assessment of their systems and practices, and then focus their efforts on the most likely paths of financial fraud, instead of trying to close every possible loophole. “Those are going to be changes that somebody makes to the general ledger, which are relatively easy to detect. “That’s the kind of thing that could make the difference between an audit lasting two weeks or lasting two months,” Davis says.<\/p>\n
http:\/\/www.darkreading.com\/document.asp?doc_id=124538&WT.svl=news1_1<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-1685","post","type-post","status-publish","format-standard","hentry","category-regulations"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1685","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1685"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1685\/revisions"}],"predecessor-version":[{"id":4172,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1685\/revisions\/4172"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1685"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1685"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1685"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}