The Sarbanes-Oxley Act of 2002 will probably be known as one of the most significant changes to federal securities laws in the United States since the New Deal. The act was passed after a series of corporate financial scandals made the national news, which included a slew of companies such as Enron, Arthur Andersen, and WorldCom. The most notable provisions of the act include both criminal and civil penalties for securities violations, a push for auditor independence from the corporation, requirements that guarantee certification of internal audit work by external auditors, and significant calls for increased disclosure regarding executive compensation and instances of insider trading, as well as expanding the types of information that must appear on financial statements.
Even though the act may lessen the burden of the consequences of unethical acts that the public has to bear, all publicly traded companies now have to deal with the formidable task of ensuring their business processes are Sarbanes-Oxley compliant. Auditing departments typically choose one of two different solutions to ensure their organizations reach this goal. First, firms implement a complete external audit of the company by Sarbanes-Oxley compliance consultants to determine potential problem areas in processes. Then firms generally also initiate a company-wide implementation of a specialized software system that can offer all of the mandated regulatory digital paper trails required to assure that the organization can maintain compliance on a long-term basis (Solu Soft, 2009).
In order to comply with SOX requirements, the technology must be appropriate to ensure that accurate data is kept at each stage in the business cycle. Records must be stored for long periods of time, and in many cases existing databases must be merged into newer systems. The technology must also be able to make meaningful use of the data and provide for data integrity, and therefore a well-organized network system is critical. The information flow is usually a set of chronological and ongoing processes that record transactions and must account for each business activity's data, which can involve many complex business processes. Not only must the corporation have a system that allows it to use the data effectively to produce reporting functions for financial and managerial decisions, but that system will also form a part of the accounting process if the accounting data is incorporated within the same system (Open Pro, 2011).
The correctness of data is crucial for financial reporting, and therefore the process of data capture and reconciliation is one of the most important functions of the technology in regard to compliance. Data manipulation is usually the primary method that organizations use to cheat the books. It is crucial that there is no possibility for data manipulation. The system must therefore be designed so that no form of data manipulation is possible, even in the case of an error, to ensure that digital records are not subject to manipulation by anyone in the organization.
Today IT systems have automated many of the business functions that once upon a time took a whole office full of people to administer (Pele-Sol, 2011). Thus building compliance into record keeping is the first line of defense for compliance needs. Yet some IT professionals are not very knowledgeable about SOX issues or the concepts of internal control. The IT controls, however, are very important in complying with the SOX directives, especially in the electronic age. The controls over the IT systems the users access, business process design, limiting and controlling access, the security and integrity of data, and the controls that administer the use of the system all have to be taken into account in redesigning the system.
The principal aim of creating a secure system must be to protect the integrity of financial reporting within the company, including any records that originate from fraud and mishandling. To ensure data integrity, the first step must be to identify all the risk factors and threats in the existing system. This is usually undertaken with a reputable third-party vendor who can assess the risks and vulnerabilities of a system with various tests, followed by a report on the business impact analysis. It is not foreseeable how far these systems are implemented with regard to compliance in practice, or how well system builders understand the regulatory environment created by the SOX legislation.