Under the Sarbanes-Oxley Act of 2002, publicly registered companies under the jurisdiction of the U.S. Securities and Exchange Commission are subject to laws on corporate governance and financial reporting. Of particular note, Section 404 of Sarbanes-Oxley demands that all public corporations appoint an external auditor to perform a full assessment of the effectiveness of all internal controls that influence financial results, including all material business processes and compliance procedures.
Qualified audit certification to keep your business compliant under U.S. law
If a public organization uses a third-party service organization's online applications to expedite transactions, host data outside of its own firewalls, or provide any other significant business processes, these services must also be evaluated for their design and operating effectiveness. All publicly registered organizations that must comply with Sarbanes-Oxley should consider ensuring all their data hosted by third-party service providers is on SAS 70 certified servers.
The Value of SAS 70 Certification
Part of Sarbanes-Oxley was the creation of the Public Company Accounting Oversight Board (PCAOB), responsible for publishing and maintaining the guidelines by which auditors must abide. In 2004, the PCAOB released Auditing Standard No. 2 (AS 2), entitled "An Audit of Internal Control over Financial Reporting in Conjunction with an Audit of Financial Statements." In this standard, the PCAOB recognized the merit of a service auditor's report, and the value it has to an auditor's assessment.
AS 2 gave credibility to such audit standards as the American Institute of Certified Public Accountants' Statement on Auditing Standards No. 70 (SAS 70). In 2007, the PCAOB released Auditing Standard No. 5, which continued to grant credibility to service auditors' reports and standards such as SAS 70. A SAS 70 Service Auditor's Report will assist a company's auditor in completing their assessments without the need to spend significant time and money on further research into service providers and their own controls.
The Danger of Sarbanes-Oxley Violation
Publicly registered companies cannot afford to be non-compliant with the Sarbanes-Oxley Act and follow in the footsteps of multi-billion dollar corporations that bankrupted themselves when they broke the rules. Certification of any audit that does not meet the standards of SOX is considered a crime, and the executive who corroborates such an audit can be punished with a fine up to $1 million, a prison sentence as long as ten years, or both. For any 'willful' violation, the fine increases to $5 million and the prison sentence up to twenty years. Perhaps more severe than any fine or jail sentence is the damaged reputation a company would experience for violating SOX.
"SAS No. 70 is the authoritative guidance that allows service organizations to disclose their control activities and processes to their customers and their customers' auditors in a uniform reporting format."
Sarbanes-Oxley Section 404's reach is extensive, and includes the assessment of business processes found in trade compliance programs. To ensure that they receive the best of both worlds, it is important that publicly registered companies invest in a service that can offer both maximum trade compliance and maximum Sarbanes-Oxley compliance. Publicly registered companies need third-party compliance suppliers that keep them compliant in more ways than one. By keeping customer data on SAS 70 certified servers, services like Visual OFAC ensure that your auditor has the information and references necessary to complete a favorable audit, saving you time and money and maximizing your compliance with both trade and corporate governance laws.
Visual OFAC can offer this and much more. With a full suite of available export compliance tools, such as advanced denied party screening, a controlled goods and classification analyst, visitor and travel compliance modules, and a wealth of searchable resources, Visual OFAC offers all the tools and processes needed to implement and maintain a complete trade compliance program.