IT Management - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  IT Management


What Will SarbOx Mean to Outsourcers?



 By: Stan Gibson
2005-04-04
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this IT Management story.


Rate This Article:
Poor Best
Opinion: As attorneys begin to prosecute companies for noncompliance, we'll learn a lot more about just how this landmark law will impact outsourcing relationships.

The Sarbanes-Oxley Act has been on the books for nearly three years, but the fun is only beginning. As U.S. attorneys begin to prosecute companies—and corporate officers—for noncompliance, well learn a lot more about just what this landmark law is made of, including what impact it will have on outsourcing relationships.

If youve inked an outsourcing deal since the law took effect, youve probably seen contract language that delineates the outsourcers responsibility with regard to ensuring that the client company is in compliance with SarbOx mandates. A client might want the outsourcing provider to take on significant responsibility for the clients compliance, even going so far as to indemnify the client for noncompliance relating to outsourcing. However, such a step is seldom in an outsourcing providers interest.

"Its an ongoing quagmire," said William Bierce, a partner at Bierce & Kenerson, a New York law firm specializing in outsourcing. "The outsourcer becomes a surrogate insurance company if it indemnifies for [SarbOx] compliance."

Although an outsourcer might be tempted to go to that length to get or keep a customer, doing so might create a material risk for the outsourcer—which should raise a red flag for company officers, board members and stockholders. "Its not prudent for them [service providers] to assume too much liability—it could lead to catastrophic loss," Bierce warned.

Resource Library:

While a customer might think it smart to extract that kind of commitment from an outsourcer, it will probably come at a price. "In getting the indemnity, the enterprise customer has to worry about losing some flexibility in its business model," said Bierce. If the client has to change its business model, both parties have to agree on the impact of the change on the covenant that applies to SarbOx, the attorney said.

Outsourcing is growing up, claims Stan Gibson. Click here to read his column.

Further, leaning too much on the outsourcer might create the illusion on the part of the client that its executives and staff dont have to be concerned with compliance, Bierce said. This is an unhealthy perception because its corporate officers who must sign the compliance statements.

Another expert, Robert Newmann, managing director and general counsel at Burwood Group, a Chicago-based technology consulting company specializing in compliance and risk matters and network design, stressed the importance of contract language. "The contract has to be very firm around requirements for access to information and retention for information. If theyre not capable of complying, they cant be an outsourcer," said Newmann. There has always been liability associated with outsourcing because key functions are being performed by another party, he said, but with SarbOx the stakes have been raised significantly. "The liability for the consulting firm is huge," he said.

In one of the highest-profile outsourcing contracts, Procter & Gambles deal with Hewlett-Packard for IT infrastructure, HPs role in enabling SarbOx compliance was written into the contract, P&G IT staff told me in a conversation last year.

In crafting deals, Bierce said its important to emphasize that the enterprise client remains in control of the business processes, even though an outsourcer is performing the work. But that doesnt mean the service provider can never be on the hook. "A service provider could be liable for noncompliance should it breach the process so as to expose the enterprise to a claim of securities fraud," Bierce said. But, he cautioned, to the extent that SarbOx indemnification is included in contracts, it should come with a cap on SarbOx liability.

Each contract will be different; there are no easy answers. "Its a complicating factor that requires a great deal of attention," said Bierce, adding, "[SarbOx] forces the partner and the customer to have an ongoing dialogue about the business."

Out and about

CSC inked an it infrastructure services pact with French carmaker Renault worth $236 million. The deal includes network, midrange and mainframe support to Renault sites in France and Spain. In a statement CSC CEO Van Honeycutt credited his companys presence in those countries as a critical factor in securing the deal.

Executive Editor Stan Gibson can be reached at stan_gibson@ziffdavis.com.

To read more Stan Gibson, subscribe to eWEEK magazine.

Check out eWEEK.coms for the latest news, reviews and analysis about productivity and business solutions.



  Reader Comments: What Will SarbOx Mean to Outsourcers?
>>> Be the FIRST to comment on this article!
 

 
 
>>> More IT Management Articles          >>> More By Stan Gibson
 


x}is㶲*Qމg5E푦dKuƶ|,LU(S$CR^&7nܴPޙĶ4F;;~$riɅc,JvУw&w$wv~] 4I-*rdxj9%GԲ|W軫F]̱] P/W?`W᳑,Q :#:UGPL95Μ k9ԗoˏne0.ZAQ6*VO0 E%U5EhDԸ#|x\{໇dYǝ (ƻf{ikd`9[P;Eyahw/@Zj#\DȁBni=T D=TVw2*-&{1ҁc)e:9Tը>5-G|ݖ|#XulAf@h ɠEuL_CԿ($f€ 8QKW<{ep.B2iK1qJꛫZUJPX=,BEe_U 8ʕ??1n!S[ö@ .3+~L>(CZC>/=)5ٴ6m;>D#ʠ:괱b{\gf'&hC=҉:L wF|.HY sX >$n-탊J$i-DCw PIeg&S@yGALνbrgmM~(wIn@>h^0vhq.ppYY?0@]q2g> o t*Qc6>Ԇ!~9.b&;AtStq^i.[OeUZ0+%afsP*퉟 :Rj'~7Bʶ`/^Ya`ҩE]QZBKPD@BR)i ’i)^(y1rCx E~R}}Y9m,_&TY?>2aiF.bՒhxK[@ xB1$3Q_؎mrij68:ЃX麞~o푛Ÿ6h*lhAJeǝ8~&'h sX MCz&\D0e8, ,[b){.C.Wݡc=N]Swa1H w.jFh>nG[aHz{&1щj*SaA3(TMqO=ݝtlļZB_uayדaT5cclq,Yri *gXs?QɺHBgUK- Ӟ#瀛*,-gç! c$D8r_(+ cG.;OQF# !ےTcfNf L`.8uE% U7 Qքu&t0}{É,,'i~ö'"%tp K=A,C{7Mt `BE :Mc8M"z@zz:Դ'*+&5"3`4JG3ǍR<ρ~hׂ[5Mak}SS~W֬ݬ񂠨f/xlcDH!2Ѵ%\%& ~tV}X@¿lڊB+E?e$βߌc *RM5E+* BcIYY'ojCpl93#ONPÕG9h QljqW@AdūGj2e*7ty?Oiп)#2R*?<< RzVΠ7j2=2~uTev70p&#<=̕2em &s#d{W͝⠑8S"rHcGyn q)1 .KUXa-.YQ.mc8n1^ |"8wDA$;QOpŇv_6 (5}zK))r4*H+Utq͡/3Onq, UU{My UfL**CjN10t͡2`|&L#2OB(KYMlaTJp9ԃ NAaW9K=XT\SGz=ݠ1pU JUz1H҇rS5Bdrq-7 BR%%!fͳ!fA#Gx&6A(ƙ-`O+ps)sp>'S A7GͧZX!wI#̸y×hwg G@B=.[Œ4H7.W 1cf=eDqa%M-XƏt@j:, U!oeUiZU ՂV'avٹym(FߍeRTRssŕn3݀,=2(s,~w9ـo9 |\V* |2(R|"!C-a'dq'?l$ +hB',W'r\&7F@"'!r* 3ݠމbB\<1нݽ]VUv&&/!(0HH_dP;D7:uvs&h蝟Ew%]7f4v{ҹI'b¹ү:vݹ< ">=Ewj}B^ۀeԾlu@Jv'N;/Rqi÷[hdzL\!I1>`d˙]=+bofTuhôI/R`a{raN׹p.קK%y_7;$˖u ׹9$hhȃ,!z[fS L k3d8)0OhdqHá;|H!q,f :s:֒TzF_ɾj6ϐa5(+8C?vTWط* 5?̀o$}`*rAQ1@KLF4ݫqZfp=4z"ZBtX 1u}Ec)%Q\(/Y":\78Q=9l6w FGWE'k+tz--'2}mџ.`m eڃ͟\Vr['5۟H| Nv}>oq_,@Cpp".A)H7ԺJ9 0QJ"g8;?m[ė{+/=;SL$c*(4iafuKb)ɔbJ4:A2؞$iYMzJcTcH(PPKz3>e vޜ,Hq9Yi@ybZӽM3Bmc%19k"it(5^q.H>bG)-5*vZRZz*$?+hqbx7`H0v9˫b~MZ_1ugj̣{m֝i*6;GT@(NV1k- ,]7_>mzόEoIM2K}?1z'mxG47p-;xoCV'ww H N޼=4GoQP]ʌ,=}![3zxyu?qBΛٽ[o5e'37+۝tNimơ8  Nt,$$yUZ/U3$]ve%]o Vx 0M3}ݺJfZKni^x w4>g[1rfwaoG{~mq.e~W(Ro.-\,s<5P#v9ދsq82ρqV#y6K`!jv.b;K &bi4W3[T=}[v?sDxj Yj4&K-;zlor:߇L?G OFxV79vf#81^Id=h<|nwcLlll4RbШLq]j9٢prP\k9>m` ܭTzT Tv>}" cs42v|jò/ wqgPZonz(9hĄkތ).>7>~odk>P ><'`gp1/_=ݮʋK%EL@[NVeCg0jbY8n?t̓>^ޠ } |p`~ANhW%mW<yR)x(J,][)JYRIؖAch:&Y=l8J>A LQ~BtQ q<;@I `$]}-jy!,Drַ( $*)MiR"c/^KצkROhM!LuCx߄`h2FR_P Zt/*$t?plyMSX.`;A &-]:RCaYk%G\ x?  K'xȓCXcl[ $\6K vO{̺!^* X!ϗ?,`l0 C$䛐[O@$6p}ۊ;MҔMɧJN(g/8L͔6iC-JD`H^NZ7fU [(@PKg{5F7H-A[k(QIh-IL`P@%(ߘV$yOU$Eس2 머zcJJJJ{JJcx8r3qFrݙYj@R\"';5bέ\L B$D Hb^W/soQcL?,t%0d ՟QyC^X_U|ym|8Ix! 7lʊHXۡg`Z6u}RB)XGܧKˇ)^zѫGy/5 =M Jp x]hrnHYů>b4{q+ѵcQ9L&:tTb"cH1RT ._󞊴ِF_n{br.mB2e''73J!:V#=+Qۡ-;G"YC/_[mP@bw0ϝ0\{J]E8h=RɱN=_;v/_6&apC{E&h 1=&[Wِx*s#1z}kzUHI{bNl:vWBHBwcwcwcwc3^ϩ빃 ǷrXU9oe7sg@,sL֗> CYJXOtq&_rN9:zJ- lN€'oTHB/d9+^κ9Rl0 m͓Vv;HUPq~U}(cy-j_gg^5/%e4u\?Uo f_"etr8_Lj( )xelM_QL=6[7o;Hvjme\奙$=mZA˽=V4" mX[`cXgEjq{Ow]@VD[][ˮ#{tх^orY8+VBˬewbr{,GӼy3у= ʬ+:$Q3 ƹ;a:EX2-S gfGEP"jpeB%`=yW`Av|woױw1~ _-px@V_kċ^_FB‘G}cD˼ ˚/Nܓ atnh-b= D?\<9G!?6>CaG{N>c{Ck3.NdC"xtmOӪ{ ek>¨7jE_A-(iҡ3O?5 1Ӑtp'u8xñJ_ypnXPAft~D):?><-Y?͠䷿T}dGQ>.s ^2QBQ Q?DO̩ {@ I¢tOn 2E $H\t1U<;@"垟B~n~Yݵf#𭛊Z-gsnb+^]Ԑ5X##)ȁΏ9g`*Dz'NRg=D ǹp`,%'0-gGt+I#샒=%hcF? ,Qx](Ds-?:.)͗ķĖFXh"ZOx$ǍY./>%l?QX2Pn/͛I~o[ C#mΏ95͂Eߊ tEs95|S(r~z?b IQ,:-~y=^^@F3 n ߨ"r\Io$TG Ϯ'R(MAi>Ũt~msP!Vy ?׶L8Vy wֵn&|:+'ֻh zR[o^3C'ܬDMn.;n4L:b'!Bc,k7w,^ }I[ `mj|eXx>IܲzB9IfS7jR m퐟cO:.{ؑժTjQܣ@VTiî#_P%9h;/ 4TO4gG=yԑ8nxJZP-F=lVa*e&BϜP̓i%>(BAdӓR~'L/( pv|jXo7jz&1zX+襍ҵDŽ8N DF|o%5Foq{e>d1әkҩ H Wkn2R)5?S\mD 96Z_a8busΩ}?5r1c%'evun0L|%U$x[hhw;IL &'Grۺm{6~ ҡ23?b)_6b~mz^ 9poDis\tɽB ]P] aW,Č\>dF+5mFt\j< 4|uL!w(W' #n$YZmI &{|>ߖ{݋xR(?hUea(;Zנ5 _]i_88?AnIi`{ 󧃏Mk5aT0|LCnmx+{VzK";{QtڀkcfE~:xd:6ȝCRY `Oi$}NK1EB4]qE# `J(zhM뵮haCtf(M?>mGT0G>4x ?ߣ 'l IEeE.^ݟ{ A#nn<ٟ 0n?EpVБ`%b'r) kח]e_)e1 h0*ejѝU KqL 2@k8%{ߟ]j&[րᑰ5"t򳉁{t39̣2qts\jJ/ZsB4_ DCt};1ACfp)4fTՊR SB`j_)5C [DU|.Uqn?o 4!W)WPh r##vGCT(&G|TBz،X\{ݾ昫7?5iVt?uWv;7x Zҷptԭsi~>\}>i_ۗ\`%FoT湾xQ(;KzYqbzʌTNc.ͅdEh,Y3U94dG_1=Te<> v| D0/& F^ ÀecD l^]- ī#x]j12;Ztt{r:h) чZQe #a:oH粕*5/6΁3?@_!׌kȿ^Jmdw [4[ǐ:sSiFO?Bg\:͌|_;hi_fC?t3?C<>v_d_d^ds E/>/2">G/3 ?eAYF? {1?s w1'? ɐ/W@Wq2_\gO诗AAVA_ SV>S>>eo~o2ڿh&k$eCnNp2KQ /Wa uy@~Nɠ2lc2\.2sܿw2~6RAm_w}иCJWTĚYcPS4MDBpF` @2 <9KqN]SKt=doz[nqƠFh;R#9w6EM++J9wwr͞rc=2(.#&T$`rX엊|((R|F!e~iī9 C8b{hǀ[ɖE/=@/#Уc_|be jfⅲhQKp^%vŐb0}3OO}g~=qt XN :?çvUɤi!ɮTmkB]'mƞLpP瞅gAkj tdK;->z'| tK2+c"m{nfCt9drqc# IxLˆkÉ*\fAL zHUAֽ 'F想Fo 9 [2aѾY{nD8k?=-i5|qu~m@7>l:#?-\mgtnCo,.vԙ%O_T3lf^͘&]P/!K wN/FvkN"BW< /w1 V@>Fѫ,XD3$0z̟]{Ġ)de h ki8`9o"sJ &A,L\>oy^D /)_HQq1^RXhsmqKu*ƻ |Bjc}` [BI<`-<~zH1|o,C䷦cS9>!mϠob/;MZK7۲"&\`)Hpk3GhRbPA0wY|6(68|%K' ϻ#GN(t{`<Lcc'L%[-˖0) m+%8C^<ԸQֺkL+,Xagh|~# nԱwO 7g}7ִ{.I dx_ODxƮ~ axi%dGxM(IU`c^?hFqoI W9:x-[ !J-˴6u¹":UsHَ h,8/ +tm;P?Ba1\HdGx kYoc5gxϷ;<v; sg'K_<ұy#VbmR>E ]f'[ڧ2й=-{ y[U,/{QAbF@8u쁢eD!a|^nїn)/ـ@ ֙ٛGm;qSr6r! l XGڢJ Q`[8~jb=x螁=e-{@7V0* ܊;NV Yf#1˧y 2i^:FfB^òMjl-g^^jtaÿ(ranvr"h^" 㡺_'VvLʙcSҼA5|ylR$ܨC]#Ay$O>A@`U3|f7ZЮ3,M'Sga+Eb2z(ͦ,1F. Aiv!  *#f" ZL+bB؉ZsR.)C395Eh>dS'@jF7\ d9Z\Kօu&vkώ|7~> \99.s@|/I›}XI|aAtiS<'B/Я, !{ĊGNť|Zxk'o? I'4.K%D=C= ͳa\'cF\O}jdw;1X7-=j8|lJaA y鑢&!t4!j4dA|g0m\}l6_*M4jV* wV|VtƢI26pz޳yg;+|(6lS24skjBjxTʉ~Y3J-q;?d¦[Hh ߑb/aղ'