Guidelines for Compliance with Sarbanes-oxley

نویسندگان

  • VASANT RAVAL
  • RATHER THAN
چکیده

Over the past few years, cases of miserable failure in corporate governance have shocked the financial world. Enron and WorldCom are just two examples of how a few people in a position of power can cause unprecedented damage to hundreds of thousands of people, including investors, employees, and retirees. Lessons thus learned created a wave of regulations, the most significant being the Sarbanes-Oxley Act of 2002, the first major overhaul in the area of securities since the Securities Exchange Act of 1934. A reading of piles of pages of the act and its numerous interpretations does not reveal any explicit links between information resource management and corporate governance. After all, how you comply with the act’s provisions is not dictated. However, a careful study of the act and its requirements suggests that, in the absence of information technology’s involvement, some of the measures one might select to comply with the letter of the law may turn out to be ad hoc, isolated patchworks rather than integrated solutions that yield long-term benefits. Information executives are used to their role in compliance of regulations. HIPAA (Health Information Portability and Accountability Act) is a recent legislation that requires systemic steps to ensure data security and information privacy by covered entities. Aside from regulations, information executives have seen the transition to Euro as a force behind system-wide revisions for some, and Year 2000 (Y2K) compliance to ensure that systems are viable in 2001 and beyond. Such changes impact many systems and applications in various organizations, and to accommodate them is a part of the role of information executives. The Sarbanes-Oxley Act (SOA) applies to those corporations (in the United States and abroad) whose securities are publicly traded on the U.S. financial markets (e.g., NYSE and NASDAQ). The spirit of the provisions of the act is to require the issuer of securities to create a risk management model for its stakeholders, mainly the investor. In this regard, even for a non-publicly traded organization, some of the provisions of the act might be helpful to review and, if appropriate, implement. SOME OF THE MEASURES ONE MIGHT SELECT TO COMPLY WITH THE LETTER OF THE LAW MAY TURN OUT TO BE AD HOC, ISOLATED PATCHWORKS RATHER THAN INTEGRATED SOLUTIONS THAT YIELD LONG-TERM BENEFITS.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Sarbanes-Oxley: Achieving Compliance by Starting with ISO 17799

Compliance with the Sarbanes–Oxley Act of 2002 (SOX) has been hampered by the lack of implementation details. This article argues that IT departments that have implemented ten categories of IT controls provided by the International Standards Organization (ISO 17799) will be well on their way toward SOX compliance. A side-by-side comparison of the 124 control components of the ISO Standard and t...

متن کامل

Compliance-Appropriate Spreadsheet Testing

Sarbanes–Oxley compliance requirements have forced firms to look at their use of spreadsheets in financial reporting. They are finding that they have many spreadsheets and that testing and other formal development disciplines are rare. The literature on spreadsheet errors has shown that without strong controls, most spreadsheets will have material errors; this means that firms that use uncontro...

متن کامل

A Framework for Integrating Sarbanes-Oxley Compliance into the Systems Development Process

The Sarbanes-Oxley Act introduces a new set of requirements into software development. Corporations need to assess their internal control effectiveness for business processes to show compliance with the act. This paper proposes a conceptual framework for integrating SarbanesOxley compliance needs into software development by mapping the activities of an established framework for internal contro...

متن کامل

Applying Semantics to Sarbanes Oxley Internal Controls Compliance

The advent of regulatory compliance requirements such as Sarbanes Oxley Act has forced enterprises to set up a process for managing an effective internal controls system. We propose the introduction of a semantic layer in which the process instances are interpreted according to the required compliance controls represented as rules. We analyze in this paper the requirements for the implementatio...

متن کامل

Diffusing Management Information for Legal Compliance: The Role of the IS Organization Within the Sarbanes-Oxley Act

Information systems are vital to successful compliance with Section 404 of the Sarbanes Oxley Act. However, there is little published academic literature which reports systematic studies that explain how IS organizations implement 404. Institutional theory was adopted as the lens through which to examine the experiences of 404 implementation in three global organizations. The methodology for th...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2002