Does Your Current Backup System Meet Federal Regulations?

By: Andrew Stratton

In response to an explosion of major corporate benefits and accounting scandals in recent years, Congress passed two laws regulating the storage and reporting of internal data.

The first impact was felt in corporate America by the passage of the Health Insurance Portability and Accountability Act (HIPAA) in 1996. The Administrative Simplification (AS) provisions of HIPAA mandated national standards for electronic health care transactions and identifiers for providers, health insurance plans, and employers.

Under HIPAA, an IT audit most often is performed in conjunction with a financial statement audit or an internal audit. Evidence is collected and evaluated concerning an organization's information systems, practices, and operations to determine whether those systems record and maintain accurate, reliable data.

An IT audit doesn't focus on internal controls in the way a financial audit does. Rather, it seeks to determine risks relevant to information assets, and to assess whatever controls are in place to eliminate or reduce those risks.

The focus of an IT audit is on evaluating a system's availability, confidentiality and integrity.

The Sarbanes-Oxley Act of 2002 created (among other oversight regulations) the Public Company Accounting Oversight Board (PCAOB), which addresses the role IT plays in a company's internal controls. The PCAOB's "Auditing Standard 2" states: "The nature and characteristics of a company's use of information technology in its information system affect the company's internal control over financial reporting," and its provisions are targeted toward seeing that those controls and reporting are legitimate and accurate.

Under this law, auditors audit key and general controls, with "key" controls being those that are key to ensuring that numbers shown on the company's balance sheet are authentic. (For instance, there might be a trigger on a database table to ensure that adding any entry into the accounts receivable table automatically creates an entry into the general ledger.) The person held accountable for seeing that these regulations are met is the company's Chief Information Officer (CIO).
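The accounts-receivable trigger mentioned above, worked through as an added example (not code from the article or from any named product). It assumes a hypothetical two-table schema, uses SQLite so it runs offline, and stores amounts in integer cents; the sample customers and amounts are constructed. It also shows the check an auditor would run against such a control: a reconciliation query that flags the moment the trigger stops firing.

```python
import sqlite3

# Constructed schema: an accounts-receivable subledger whose inserts are
# mirrored into the general ledger by a database trigger, so a posting cannot
# reach AR without the matching GL lines (the "key control" described above).
SCHEMA = """
CREATE TABLE accounts_receivable (
    ar_id        INTEGER PRIMARY KEY,
    customer     TEXT    NOT NULL,
    amount_cents INTEGER NOT NULL CHECK (amount_cents > 0),
    posted_at    TEXT    NOT NULL DEFAULT (datetime('now'))
);
CREATE TABLE general_ledger (
    gl_id        INTEGER PRIMARY KEY,
    account      TEXT    NOT NULL,
    debit_cents  INTEGER NOT NULL DEFAULT 0,
    credit_cents INTEGER NOT NULL DEFAULT 0,
    source       TEXT    NOT NULL,   -- which subledger produced this line
    source_id    INTEGER NOT NULL    -- row id in that subledger
);
-- Key control: every AR insert produces a balanced pair of GL lines
-- (debit Accounts Receivable, credit Revenue) in the same transaction.
CREATE TRIGGER ar_to_gl AFTER INSERT ON accounts_receivable
BEGIN
    INSERT INTO general_ledger (account, debit_cents, credit_cents, source, source_id)
        VALUES ('Accounts Receivable', NEW.amount_cents, 0, 'AR', NEW.ar_id);
    INSERT INTO general_ledger (account, debit_cents, credit_cents, source, source_id)
        VALUES ('Revenue', 0, NEW.amount_cents, 'AR', NEW.ar_id);
END;
"""


def open_db():
    """Create an in-memory database with the constructed schema and trigger."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def post_receivable(conn, customer, amount_cents):
    """Insert one AR row; the trigger, not the application, writes the GL lines."""
    cur = conn.execute(
        "INSERT INTO accounts_receivable (customer, amount_cents) VALUES (?, ?)",
        (customer, amount_cents),
    )
    conn.commit()
    return cur.lastrowid


def gl_lines_for(conn, ar_id):
    """Return the GL lines the trigger produced for one AR row, in posting order."""
    return conn.execute(
        "SELECT account, debit_cents, credit_cents FROM general_ledger "
        "WHERE source = 'AR' AND source_id = ? ORDER BY gl_id",
        (ar_id,),
    ).fetchall()


def reconcile(conn):
    """Audit check for the control: AR subledger total must equal the GL debits
    to Accounts Receivable, and the ledger as a whole must balance. A mismatch
    in 'reconciled' means a posting bypassed the trigger (or the trigger was
    disabled), which is exactly what an auditor testing a key control looks for."""
    (ar_total,) = conn.execute(
        "SELECT COALESCE(SUM(amount_cents), 0) FROM accounts_receivable"
    ).fetchone()
    (gl_ar,) = conn.execute(
        "SELECT COALESCE(SUM(debit_cents), 0) FROM general_ledger "
        "WHERE account = 'Accounts Receivable'"
    ).fetchone()
    debits, credits = conn.execute(
        "SELECT COALESCE(SUM(debit_cents), 0), COALESCE(SUM(credit_cents), 0) "
        "FROM general_ledger"
    ).fetchone()
    return {
        "ar_total_cents": ar_total,
        "gl_ar_debit_cents": gl_ar,
        "balanced": debits == credits,
        "reconciled": ar_total == gl_ar,
    }


if __name__ == "__main__":
    db = open_db()
    rid = post_receivable(db, "Acme Corp (constructed)", 150000)
    print(gl_lines_for(db, rid))
    print(reconcile(db))
```

The reconciliation query is the part worth keeping alongside the trigger: the trigger enforces the control, but only an independent comparison of the subledger against the ledger shows an auditor that it has been enforced for every row, including any posted while the trigger was absent.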

Given the breadth and complexity of current federal law governing storage and maintenance of IT data, prudent business owners will take whatever steps are necessary to assure their IT systems and controls meet or exceed regulations. Taking the time today to ascertain that your online offsite backup system complies with federal regulations will save you countless intrusive and costly auditing headaches down the road.
