In the beginning, the American Institute of Certified Public Accountants (AICPA) gave the world Statement on Auditing Standards (SAS) No. 70, Service Organizations. An organization that has passed a SAS 70 audit has proven to an independent auditor that its control objectives and control activities, including controls over information technology, meet the requirements of SAS 70. Of particular note here is that SAS 70 requirements cover controls and safeguards for hosted and processed data belonging to customers.
Further, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting.
For you, me, and everyone else you know who isn’t an accountant, SAS 70 is a mouthful and then some. And we’re only bringing it up because, like Brussels sprouts, it’s good for you. And us. You see, Journyx passed a SAS 70 Audit back in January and we wanted you to know.
If you are part of a publicly-traded company whose future might just include a little tango to the Sarbanes-Oxley tune, you’re likely just relieved to hear that Journyx is SAS 70 certified and would like to move on to some other topic, like puppies, root canals, or a post-modern deconstruction of Crime And Punishment. But if you’re not in that type of company, you’re probably wondering why this matters to you. The answer is simple.
Fundamentally, passing this audit means that Journyx is safe to do business with. It means we don’t hire felons. It means we treat your company’s private data (credit cards, employee information, you name it) with extreme, even fanatical, care. It means that we have a documented software development process that includes version controls and excludes dubious code from Sneaky Pete’s Internet Script Shack. It means our hiring, firing, accounting, IT and other processes are strong enough and proven enough that accountants are okay with them. Seriously, actual accountants. And accountants are notoriously picky (sorry, Dad).
Oh, passing this audit also means that, if you’re using Timesheet SaaS, you don’t have to worry about proving that your time and expense solution is SOX compliant. So if you wind up facing a Sarbanes-Oxley audit you simply point to the fact that Journyx passed its audit and move on to other areas.
So, let’s summarize. Journyx passed a SAS 70 audit. This is great news no matter who you are. It means Journyx is a company you can trust. We always were. It’s just that now we’ve got the paperwork to prove it.
You can also find out more about Timesheet and compliance issues on the Journyx website.