Virtual Forum - October 13 | REGISTER NOW
- 8 June 2004 09:17
Regulatory Compliance Issues Impede Outsourcing, META Group Says
Sarbanes-Oxley Requirements Remain a Wild Card for Outsourcers
SYDNEY, Australia. (June 7, 2004) — A number of U.S. companies may postpone efforts to outsource business and IT processes because of uncertainty about the impact of Sarbanes-Oxley (SOX) on third-party relationships, according to META Group (Nasdaq: METG).
“Outsourced organizations will be held just as accountable for SOX compliance as those managed internally, but regulators have not yet clarified how outsourcers will be required to demonstrate compliance,” said Stan Lepeak, vice president with Professional Services Strategies at META Group. “Companies negotiating business and IT outsourcing deals must consider the impact SOX can have on these arrangements and plan accordingly, and in some cases it may make more sense to wait.”
A recent survey conducted by META Group of more than 200 business and IT managers and executives demonstrates that most are perplexed about the implications of SOX compliance on their outsourcing initiatives. About 40 percent said they either did not expect to address outsourcing processes or are not addressing them at all. In addition, more than 20 percent said they had already certified SOX compliance for outsourced processes, which is impossible considering regulators have not yet defined how to certify them.
“Business and IT managers are very confused about whether to proceed with outsourcing plans, and those that do plan to move forward should do so with caution,” said Lepeak. “Given the comprehensive nature of these regulations, there is no one-stop solution for SOX compliance. This becomes even more pronounced in an outsourced situation where processes are far removed from those tasked with compliance oversight and when regulators have yet to finalize guidelines.”
META Group research finds that many organizations assume a Type I or Type II SAS 70 Audit will suffice for SOX compliance for outsourced processes. However, regulators have not clarified this point, and many organizations are unable to obtain a basic Type I audit from their outsourcers.
META Group is working closely with numerous leading IT organizations to provide actionable recommendations about outsourcing initiatives and SOX compliance. For companies seeking to ensure regulatory compliance among internal and external programs as quickly as possible, these recommendations include gaining consensus among auditors, relevant business and IT units, executives, and board members about how to define what constitutes an adequate controls assessment for outsourced processes until regulator clarification is provided. About META Group
META Group is a leading provider of information technology research, advisory services, and strategic consulting. Delivering objective and actionable guidance, META Group’s experienced analysts and consultants are trusted advisors to IT and business executives around the world. Our unique collaborative models and dedicated customer service help clients be more efficient, effective, and timely in their use of IT to achieve their business goals. Visit metagroup.com for more details on our high-value approach.
Jessie Shepherd Markom Marketing +61-2-9977-8922 firstname.lastname@example.org
Peter Carr, Vice President, Director Operations META Group +61-2-9290-8659 email@example.com