Current regulations present new challenges to companies using third-party services that have a direct impact on their financial reporting controls. Such a company must provide evidence that controls are in place: in its own organisation, within the third-party provider and between them and the service provider. The latter can be application service providers, social secretariats, internet data centres, accounting bureaus etc.
Foreign Private Issuers and US company subsidiaries based in Belgium face significant challenges when trying to maintain the independence requirements initiated by the Sarbanes-Oxley Act of 2002 (SOX).
The law is complex and impacts on, among other things, assessments on the effectiveness of internal financial reporting controls, corporate disclosures, compliance oversight, controls monitoring and the practice of public accounting. Deloitte's dedicated SOX team has assisted many companies with section 404 readiness and other Sarbanes-Oxley-related projects.
An SAS 70 report shows that an independent auditor has performed an in-depth audit of a service provider’s control activities. It enables an auditor of the outsourcing customer to obtain an opinion on the service provider’s description of controls. An SAS 70 report reduces the overhead and impact of external audits by customers and is particularly useful for customers subject to Sarbanes-Oxley or equivalent regulations. Deloitte has extensive experience in providing SAS 70 reports to service companies.