Stan Lepeak, Managing Director at EquaTerra, the outsourcing and insourcing advisory firm, examines the prospects for the outsourcing of compliance related activities in his article, “United States: The Impact of Regulatory Compliance Mandates on Business Process and IT Outsourcing.” (You may need to register to gain access to the story through Mondaq.)
What’s most practical in Mr. Lepeak’s write-up is his brief (but, as he admits, “far from exhaustive”) compliance checklist for businesses to use as a “starting point in assessing compliance readiness and requirements in an outsourcing situation”:
- Compliance organization and internal audit represented on the buyer sourcing team
- Corporate governance and risk management frameworks employed address and account for outsourcing requirements
- Ownership assigned to address outsourcing governance and relationship management
- Short-listed service provider’s Sarbanes capabilities and position understood
- Service provider’s operations undergone SAS 70 audits
- Geographic locations of potential service delivery centers known and compliance implications understood
- Who covers the cost associated with compliance testing and SAS 70 audits agreed upon
- Proposed contract calls out means to review, assess and account for future changes in the regulatory environment
Also useful: His reminder that in areas compliance related, the client is always ultimately responsible for ensuring that it is meeting compliance requirements (though the service provider can be held responsible, right alongside…). Mr. Lepeak proposes a possible scenario for dividing up responsibilities in this collaborative effort. Go online to get that.
