Is SAS 94 a Channel Bonanza?

Can SAS 94 produce the next boom in technology sakes? Quite possibly, suggests Bruce Nearon, director of IT security audit for the Roseland, N.J.-based sister firms, Cohn Consulting and J.H. Cohn.

Of course, it’s unlikely the impact will be anywhere near the strong as Y2K. But heck, anything that boosts sales after the doldrums of 2000 and 2001 is a welcome thought for resellers and consultants.

SAS 94 is formally titled, "The Effect of Information Technology on the Auditor's Consideration of Internal Control in a Financial Statement Audit," and went into effect on June 1. It transforms the issue of upgrading computer technology from a nice idea for good management into a pressing audit issue, according to Nearon. In his view, any system that is obsolete becomes a management letter comment.

What is obsolete? Nearon says it’s any version of a software package that is not current. Companies can probably get away with being one version behind, but not several and certainly not those that are no longer supported by the vendor. That certainly would seem to apply to businesses that might be using DOS or a non-Year 2000 compliant system. There is a potential double or triple whammy here because upgrading to a current application could also require upgrading the operating system, and the hardware needed to run newer software, which generally require more resources.

Nearon is applying his theory to Cohn’s audits, and makes obsolete hardware and software an audit finding. He believes the threat of audit findings gives CFOs leverage to budget for new hardware and software, since they don’t want to have comments go to the audit committee, and the audit committee certainly will view findings about obsolete technology as reflecting badly on its work.

Is anybody applying SAS 94 this way? Nearon hasn’t researched the question. Currently, he notes, "It’s just me."

For reprint and licensing requests for this article, click here.
MORE FROM ACCOUNTING TODAY