Internal Controls and Corporate Governance under Sarbanes-Oxley: Planning and Audit Processes in Outsourcing

Posted October 9, 2009 by   · Print This Post Print This Post

Outsourcing poses a challenge to corporate governance principles and internal controls.

Compliance Mandate.

The rules are both simple and complex. They are set forth in the Sarbanes-Oxley Act of 2002 and related regulations of the Securities and Exchange Commission, the Internal Revenue Service, the Department of Labor and the U.S. Sentencing Commission and the fiduciary duties of directors and officers to shareholders.

Personal Assets of the Directors.

Directors are now putting their personal assets at risk. The agreements by certain former corporate directors of Enron and WorldCom, announced in early January 2005, to pay millions of dollars to shareholders from the personal funds of directors highlights the seriousness of the director’s fiduciary duty to exercise due care in managing a corporation.

Compliance Solved.

How can directors manage their statutory and common law duties without assuming unfair risk? Simply put, directors must understand the business, and all aspects of the business. Outsourcing is a normal element of any business.

Internal Controls.

Internal controls and effective management of any business enterprise depend on four basics. These basics apply to internally and externally sourced business processes.

  • Design of process;
  • Dialogue on design, auditability and monitoring of the process;
  • Documentation of the process as it is to be performed and as performed; and
  • Disclosure of the financial impact of the process as performed.

guide_1

Compliance Enhanced.
Properly conceived and structured, outsourcing can enhance compliance with Sarbanes-Oxley “internal control” procedures.  The design and implementation of any outsourcing agreement should contain appropriate safeguards and procedures to ensure that the processes performed by the service provider meet these internal audit and control criteria.

Planning for Compliance and Audit.
Your outsourcing service provider, as well as your internal business developers and lawyers, should have a clear plan to comply with these elements.   If you want advice, Bierce & Kenerson, P.C. can provide value.  wbierce@outsourcing-law.com.