Lecture 7: Sarbanes-Oxley (SOX)


SOX (Sarbanes-Oxley)

What is SOX?

• SOX provides the foundation for new corporate governance rules, regulations and standards issued by the Securities and Exchange Commission. SOX also covers issues such as independent auditing requirements, corporate governance, internal control assessment, and enhanced financial disclosure.
• CEOs of publicly traded companies will be held accountable for the quality of the controls established to enable accurate financial reporting (including IT processes, systems and roles).
• It shows how internal controls can be established by senior management using a governance analysis framework (GAF).

Penalties

• Section 802(a) of the SOX states: “Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.”


What prompted SOX?

• Sarbanes-Oxley was passed in the wake of a number of notable corporate accounting scandals, including Enron and WorldCom.

SOX on the horizon?

• The primary thing to remember is that SOX is about mitigating the risk of fraud, and about financial transparency and process control. This will change how you do things, but that does not have to be a bad thing.


A hint on policies.

• Bear in mind that you will be held to the letter of all policies your company develops related to SOX, even if they exceed federal requirements. This is very important to remember when drafting policies.
• Policies should ensure that corporate behavior is consistent, controlled, and can be proven.

A word on Frameworks

There are many frameworks out there to assist you with SOX compliance. The key is to find a
framework that works for your team, commit to it, train on it, and use it to your best possible
advantage.


Examples of COBIT Controls

• Management support/buy-in – Executive-level oversight of projects related to IT.
• IT as part of strategic planning – The business must be supported by technologies.


Wait, how can SOX help me?

• Perspectives on operational control, consistency, and quality take on a whole different meaning once they have a clear relationship to fiduciary responsibility.
• It is amazing how different the conversation about project prioritization becomes once executive management is offered the opportunity to make the decisions guiding it.

Responsibilities Imposed by Sarbanes- Oxley

• The Sarbanes-Oxley Act of 2002 (also called Sar-Ox or SOX) assigns responsibility to senior management of public and nonpublic organizations in the United States.
• Typical examples of the difficulties senior management face in supporting SOX are issues related to internal control over financial reporting of public companies, and issues related to judgments and estimates that may change over time.

• The required internal controls vary from enterprise to enterprise.
• An enterprise's internal controls are determined by its business activities and processes as well as its financial controls.
• They are closely related to the IT systems and databases that the enterprise uses for financial and other reporting.
• For example, a simple test that can be applied in an organization is to ask staff why they carry out a specific business process, financial or otherwise.

Typical Internal Control Questions

• For complete satisfaction that internal controls have not only been implemented, but also work in practice throughout the enterprise, senior managers need to show that answers are available for the management and audit questions used to determine SOX compliance. These relate to key resources that are needed, such as data, business activities and processes, locations, people or business units, and events. The answers should relate back to strategic and tactical business plans that have been defined by management, as follows:

Typical Internal Questions

• For data: What do the data represent? How are the data processed? Where are they used? Who is responsible for the data? When are the data used? Why are the data needed? Do these data support the strategic and tactical business plans?
• For processes: How do we execute our processes? What data do they use? Where are they processed? Who is responsible for the processes? When are these processes used? Why are the processes needed? Do they support strategic and tactical business plans?
• For locations: What data does the location need? How are processes executed in the location? Who is responsible for the location? When is the location involved in key events? Why does the location exist for the enterprise? Do the business plans for each location support the strategic and tactical business plans?
• For business units or people: What data do the business units need? How are key processes executed in each business unit? Where is each business unit located? Who is responsible for the business unit? When is the business unit involved in key events? Why does each business unit exist? Do the business plans for each business unit support the strategic and tactical business plans?
• For business events: What data does each business event need? Which processes are initiated by each business event? Where do business events occur? Who is responsible for these business events? When do they occur? Why do they occur? Do the business events support the strategic and tactical business plans?
• For business plans: What data do the business plans need? How do processes support the business plans? Which locations do the business plans apply to? Who is responsible for these business plans? When does each event occur that supports the business plans? Why do the business plans exist? Do tactical and operational business plans support the strategic plans?

Managing Internal Controls Using Enterprise Architecture

• These are simple internal control questions: what, how, where, who, when, and why.
• If controls are in place, these questions should be answerable from the different perspectives of management and staff levels in an enterprise.
• The answers available to senior managers (as the planners and owners of the enterprise) are likely to be less detailed than those needed by middle managers, business experts, and IT staff (as the designers and builders of the enterprise).
• Enterprise architecture enables business experts and IT staff, working together, to establish and define internal controls as systems to support the key business processes and databases that are needed for internal control reporting.
• It is the responsibility of senior managers, as the planners and owners of the enterprise, to define the objectives and scope of the internal controls.
• Senior management involvement in enterprise architecture for SOX internal control reporting is missing in most enterprises today.
• In the past, the absence of these controls has merely been embarrassing.
• What is needed is a governance analysis framework that is both easy to create and easy to use, and that can be used to obtain answers for relevant internal control reporting questions.


