08 Aug SOX Auditing Cloud Financials | Working with External Auditors
Cloud providers and hosted solution providers for SOX regulated companies must be able to work closely with external auditors and provide the necessary transparency into internal controls to satisfy the SOX auditing objectives that deal with financial information systems.
Chief Compliance Officer Glen Medwid discusses the importance of working with external auditors to provide the necessary assurances that cloud-based accounting systems meet SOX auditing requirements. You can learn more about all ERP cloud SOX compliant objective points in this free SOX Compliance Checklist.
“We are experienced in working with various external auditors to document our internal controls to make sure that we meet the SOX requirements.”
It is critical that a hosting provider of cloud-based accounting solutions is able to work closely with external auditors to provide the right reports in a timely manner. Accurate, trustworthy reporting from a cloud provider is an important part of maintaining controls for compliance with Sarbanes-Oxley, and external auditors will want to review reports for any issues or exceptions.
The Sarbanes-Oxley Act (SOX) of 2002 applies in part to accounting systems and data, and it imposes a list of objectives designed to ensure the integrity of financial reports published by publicly traded businesses. External auditors apply objective and standardized auditing processes to assure that policies are implemented and that data centers and internal IT operations satisfy SOX objectives.
“Upon request from external auditors, we will provide copies of our reports to external auditors. We’ll provide them with policies on a confidential basis. We’ll also provide them documentation of evidence that internal controls were performed, and/or send them screenshots of system settings.”
The 5 Critical Areas of Control for SOX in the Cloud
In order to truly deliver SOX-compliant cloud services and infrastructure, a cloud provider must have standardized and documented policies for…
- Change Management Plan or Policies
- Logical Access Controls
- Physical Security Policy
- IT Operations Management
- Enterprise Cloud Backup & Recovery