The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, mandates that all covered entities fulfill certain requirements for data backup, storage, and recovery; the Sarbanes-Oxley Act (SOX) holds many publicly held companies and all Registered Public Accounting Firms to a rigorous set of standards. These rules set guidelines for how data should be stored, accessed, and retrieved.
In response to an explosion of major corporate benefits and accounting scandals in recent years, Congress passed two laws regulating the storage and reporting of internal data.
Corporate America first felt the impact with the passage of the Health Insurance Portability and Accountability Act (HIPAA) in 1996. The Administrative Simplification (AS) provisions of HIPAA mandated national standards for electronic health care transactions and identifiers for providers, health insurance plans, and employers.
Under HIPAA, an IT audit most often is performed in conjunction with a financial statement audit or an internal audit. Evidence is collected and evaluated concerning an organization's information systems, practices, and operations to determine whether those systems record and maintain accurate, reliable data.
An IT audit doesn't focus on internal controls in the way a financial audit does. Rather, it seeks to determine risks relevant to information assets, and to assess whatever controls are in place to eliminate or reduce those risks. The focus of an IT audit is on evaluating a system's availability, confidentiality and integrity.
The Sarbanes-Oxley Act of 2002 created (among other oversight regulations) the Public Company Accounting Oversight Board (PCAOB), which addresses the role IT plays in a company's internal controls. The PCAOB's "Auditing Standard 2" states: "The nature and characteristics of a company's use of information technology in its information system affect the company's internal control over financial reporting," and its provisions are targeted toward seeing that those controls and reporting are legitimate and accurate.
Under this law, auditors audit key and general controls, with "key" controls being those that are key to ensuring that numbers shown on the company's balance sheet are authentic. (For instance, there might be a trigger on a database table to ensure that adding any entry into the accounts receivable table automatically creates an entry into the general ledger.) The person held accountable for seeing that these regulations are met is the company's Chief Information Officer (CIO).
Given the breadth and complexity of current federal law governing storage and maintenance of IT data, prudent business owners will take whatever steps are necessary to ensure their IT systems and controls meet or exceed regulations. Taking the time today to ascertain that your online offsite backup system complies with federal regulations will save you countless intrusive and costly auditing headaches down the road.