
What is the single most challenging Sarbanes-Oxley issue today?

Sridhar Balaji
SourceSentry, Inc.

An effective Sarbanes-Oxley compliance strategy should involve comprehensive, secure and timely access to corporate financial data, with guarantees that the content has not changed and is available when needed. With more and more large and medium-sized companies opting to outsource their business and IT processes to external service providers, the new challenge for CFOs today is how to ensure that these outsourced programs will still comply with Sarbanes-Oxley requirements. CFOs are caught in two minds: on one hand, outsourcing, especially "offshoring", is a strategic long-term initiative that has huge benefits to the company's bottom line when executed properly; on the other hand, enormous difficulties arise in ensuring that these offshore providers will comply with their own Sarbanes-Oxley projects.

These offshore providers are located in countries where Sarbanes-Oxley has no legal jurisdiction. How will the contracts be written with safeguards when the buyers themselves are still figuring out what is involved for compliance? How will the operational and legal risks be mitigated? What about smaller niche providers, who are providing services such as call centers, data transformation, business accounting and financial services? Who will bear the costs for compliance requirements? Who can ensure that they are handling these requirements for the buyer companies' Sarbanes-Oxley programs, when their own internal teams are faced with cuts or stretched thin on internal compliance projects? These are enormous challenges facing companies seeking Sarbanes-Oxley compliance.

Companies ensure that their service providers, partners or subsidiaries implement information security standards such as ISO 17799 and/or have undergone a SAS 70 audit, steps that give them some comfort. But implementing such standards and audits still does not mean that adequate and necessary internal controls, for example a Sarbanes-Oxley 404 requirement, exist for the specific outsourced activity. The buyer companies still need to know if their specific outsourced activity will comply with their internal Sarbanes-Oxley requirements. SourceSentry helps US companies that offshore to providers in countries such as India and China by providing an independent audit and assessment of their outsourced program. We are typically engaged by a company anytime from the due diligence of a provider to the post-contract management of their compliance and security needs. SourceSentry has a unique approach, in that our BizSentry methodology is specific to each outsourced activity. It is built on the foundations of other standards that are organization-specific. For example, the information security and management requirements for a customer call center activity are very different from what is required for a financial business processing activity. This activity-based approach is also self-describing; new types of outsourced activities can still be audited using the methodology. We have a trained local presence, so that our field audits are conducted by people who understand the local language, culture and practices. Our US team drives the methodology and provides onshore client access.

Sridhar Balaji has 15+ years of progressive experience in software engineering, product management/strategy and general management. Prior to founding SourceSentry, he was the Director of Software Development at BindView Corp., a provider of proactive business policy, IT security and directory management software worldwide, where he worked since 1997. Balaji was instrumental in building and mentoring the best-of-class engineering teams at BindView. He managed the development activities responsible for products and security content delivery in the areas of Security Policy Compliance and Vulnerability Management, including the company's flagship security management suite bv-Control, which contributed annual revenue of $50+ million. He was instrumental in BindView's successful early launch of .NET-based products and services, which resulted in increased partnership with Microsoft.

Before joining BindView, Balaji was a senior software developer at ForeFront Group (acquired by SmartForce), an early internet pioneer. At ForeFront (SmartForce), Balaji was involved with the retail launch of ForeFront's web utilities, including WebWhacker, the first offline browser, which sold over a million units. At Sperry-Sun (acquired by Halliburton), he worked on INSITE, a real-time logging application that was a pioneer in the oil exploration and drilling industry. At Micro Robotics Systems, Inc., he wrote software for vision-based real-time systems for semiconductor manufacturing. Balaji holds a BS in Mathematics, a BS in Electrical Engineering from the Indian Institute of Science, Bangalore, India, and an MSEE from the University of Toledo, Ohio, and is a Certified Information Systems Security Professional (CISSP).


© 2019 Simplex Knowledge Company. All Rights Reserved.