Do websites need compliance? 621



  • I am a web developer in the UK. An american client has introduced the Sarbanes Act into the mix by saying the website needs to be compliant.
    Does anyone know if this is true? Do websites need to comply to this Act? And if so, in what areas? How?
    The website is an ecommerce site, selling ex-demo and slightly-defective (ie scratched) keep-fit equipment.
    Having searched the net for answers I have yet to find websites and the Act mentioned in the same sentence. Also, I have not read or heard in the web development community that this is a new requirement for us web developers.
    As far as I understand it, the Act pertains to Accounting practices, etc. and I fail to see how it applies to a website I am developing.
    Any guidance is most welcome, as this is of some concern to me.
    Thanks.



  • Zorb,
    Websites do not need to comply, companies do.
    If a web site is for:
    US publicly traded companies and global companies with US publicly traded operations
    Corporations that fall under the jurisdiction of the U.S. Securities and Exchange Commissions
    Private firms interested in going public
    Private firms that may be the target of an acquisition or merger by a public firm (ensuring compliance of the final entity).
    European companies and many Asia/Pacific-headquartered companies that are dually listed on two or more stock exchanges.
    …then the company must comply with Sarbanes-Oxley.
    You must search for ‘general IT controls’ and ‘application controls’.
    Send me your email address to send you some documents.



  • Hi Zorb,
    You mentionned that you are developing a e-commerce web site.

    • If from this site, customers can enter orders, and download invoices (EDI or others), make payments through credit cards;
    • If this web site will have impact on the figures of the month: sales, cash, discounts…
      Then I might agree that you need to ensure that the generated business on the web will be captured by your IT accounting systems and all controls are in place to ensure: accuracy, completeness, authorization…blabla on all the figures envolved - to be documented and tested…
      bye


  • As I suspected. 🙂
    Many thanks for the info.
    Letakis, you have my email, and I look forward to receiving any additional info you have.



  • Lekatis, apologies to you for spelling your name wrong. :oops:



  • No problem Zorb, I sent it to you.
    Good point angie.
    Zorb wrote: I am a web developer in the UK. An american client has introduced the Sarbanes Act into the mix by saying the website needs to be compliant.
    You can not sent a compliant web site to America. The American company needs segregation of duties, change management procedures, controls anr tests… and much more…



  • websites do not need to be compliant.
    It is significant financial processes that need to be preoperly controlled. If a Company’s financial processes include web-based transactions then these need to be properly controlled.
    You have to think of it from a financial process point of view. The website itself could be complete garbage and the process still be well-controlled. Similarly, you could have a top-notch website and have a terrible process. The question is hos is the process controlled overall and how does it affect your financial statements.



  • Any system including websites that does not have a financial impact, we are not documenting for SOx.
    However, we are not selling anything nor generating invoices online.



  • It is different to have a web site with proper documentation and different to have a ‘compliant’ web site.



  • Recognizing the emphasis placed in your original posting, I believe you are primarily concerned with describing the ‘defectiveness’ of your product (scratched gym equpipment) accurately and fairly. Your question is not far off base; indeed SOX regulates the accuracy of information destined for the public–and a website is clearly designed for spreading information to the public. However, the subject is the corporation itself, not the product(s) that the corporation is selling.
    Inaccurate and unfair descriptions of a product will not jeopordize the financial soundness of the general public to the same degree as inaccurate and unfair descriptions of the (financial soundess) of the corporation.
    an ecommerce site, selling ex-demo and slightly-defective (ie scratched) keep-fit equipment.


Log in to reply