Following numerous accounting scandals, including Enron, WorldCom and Tyco International, the U.S. federal government passed the Sarbanes-Oxley Act of 2002. Sarbanes-Oxley, otherwise known as SOX, regulates financial accountability and information accessibility. It enhances standards for both public companies and public accounting firms. The Sarbanes-Oxley Act is designed to protect the interests of employees, vendors and investors. Any corporation failing to meet minimum compliance requirements, and any executive held accountable under its provisions, can now face criminal charges including, but not limited to, incarceration.
For those who do not know, SOX outlines several organizational and operational compliance mandates management must fulfill to demonstrate its control over financial reporting. These include external auditor affirmation as to whether or not the company and its management team have effective internal financial reporting controls in place, and affirmation of the level of accuracy reflected in the company's financial statements. Extensive, and quite costly, regulations mean external auditors must clearly understand transaction flow. They also require routine fraud risk assessments and an accurate evaluation of the effectiveness of internal, company-wide fraud detection and financial reporting controls.
Why IT Controls Are So Important When Complying with Sarbanes-Oxley
The information technology mandates SOX introduces are just as significant as the organizational and operational controls, if not more so. Under the Act, ultimate responsibility for data management, security, reliability, integrity and accuracy resides collectively with the Chief Information Officer (CIO), the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO). Pursuant to Sarbanes-Oxley, the CIO is accountable for the systems that control and report financial data, while the CEO and CFO are accountable for actual financial reporting.
Electronic document archiving and retention play a key role in SOX compliance, with everything from Word, Excel and PowerPoint files to instant messages and email communications in question. It's no longer enough to simply store these documents. Public corporations must have an effective data management solution in place that guarantees timely retrieval. This means full lifecycle management, from document creation and retention to auditing and destruction. Under the Act, wrongful business record deletion can result in serious legal ramifications.
Here Are My Top Tips to Help You Comply with Sarbanes-Oxley
While there are broad-reaching measures corporations could take to ensure compliance, the Act boils down to three core issues:
1. Documentation
2. Control
3. Accountability
All corporations should take the following steps toward Sarbanes-Oxley compliance:
- Develop a corporate accountability structure ensuring proper oversight and ownership
- Implement a solid technological structure promoting effective and efficient compliance processes
- Invest in one, united, web-based financial and non-financial information source offering real-time, or immediate, access to applicable stakeholders
- Expand information flow and collaboration
- Document accurate and timely financial reconciliations using Excel, Access or other customized technology solutions
- Encourage employee involvement and concern escalation
- Document IT systems' usage rules and develop a financial information audit trail
- Introduce in-house auditing procedures
- Implement risk-rating processes for all financial accounts
- Understand and map the financial reporting process, IT systems and internal controls
- Identify financial reporting, IT and internal control risks
- Adopt a continuous improvement process
- Document and test controls
- Perform and update controls assessments corresponding with any financial reporting process changes
When corporations thoroughly understand Sarbanes-Oxley and implement strategic processes within both the IT and finance departments, they not only ensure compliance, but they also promote fairer, more uniform disclosure practices and clearer accountability lines.
About the Author:
Data Protection Expert, Tim Rhodes has helped hundreds of companies just like yours protect their most valuable asset online.