Sustainable Sarbanes-Oxley Compliance

Solidcore
By : Solidcore
Published : Nov 22, 2005
Length : 10
Type : White Paper
Overview:

The Sarbanes-Oxley Act (SOX), passed by the US Congress in 2002, represents a fundamental shift in corporate governance norms. As corporations come to terms with the implications of SOX to their businesses, one thing is clear: a SOX compliance program is not a one-time project but a sustained effort to gain visibility and accountability into business processes that affect the accuracy of financial reporting.

This white paper outlines the issues faced by IT managers in meeting their compliance requirements and explains how Solidcore can be a core component of a sustainable and cost-effective SOX compliance program.


Complying with Sarbanes-Oxley
The Sarbanes-Oxley Act (SOX), passed by the US Congress in 2002, represents the most fundamental shift in corporate governance norms for many decades. In particular, section 404 is often talked about as being the core provision of SOX as it deals with executive management's responsibility for establishing and maintaining adequate internal control over financial reporting for the company. It requires management to certify the adequacy and effectiveness of its internal controls and to disclose any material weaknesses found.

The key to a successful compliance program is to recognize the fact that Sarbanes-Oxley (SOX) does not simply require that adequate controls be established; it requires the annual review of the effectiveness of those controls. In other words, achieving compliance is not a one-time event; rather, it must be part of an ongoing process that needs to be sustained over time. Corporations that view the compliance provisions of Section 404 as a burdensome legislative mandate may not be making the necessary investments for a sustained compliance program. On the other hand, corporations that view compliance as a means to establish and maintain good process, through a well-defined set of internal controls and the automation of those controls, are the ones that will be more likely to have a successful long-term compliance program.

The standard that most auditors use to determine adequacy of internal controls is the standard of due care. A company exercises due care if it follows current best practices for establishing accountability and measurability over its internal controls. If there is an incident in which an internal control is circumvented in spite of measures that meet the test of "due care", then the company is not liable for regulatory penalties (fines and other sanctions). However, the precise definition of "due care" is amorphous and changes over time. It simply refers to practices adopted by enough other companies to establish a standard of feasibility (most companies should be able to do it) and reasonableness (the benefit should justify the cost for most companies).

Note that SOX is the most visible of a number of regulatory standards that have emerged in recent years. While we focus on SOX in this white paper, information about other standards is available in Appendix B.

IT Controls are central to SOX Compliance
In today's corporate environments, control over IT systems is critical to a sustainable compliance program. The US Public Company Accounting Oversight Board (PCAOB), which provides guidelines for auditors, issued a statement (Auditing Statement No. 2) that made this very clear:

"The nature and characteristics of a company's use of information technology in its information system affect the company's internal control over financial reporting." In the same document, the PCAOB goes on to stress the centrality of IT controls in an audit of SOX compliance: "To identify relevant assertions, the auditor should determine the source of likely potential misstatements in each significant account. In determining whether a particular assertion is relevant to a significant account balance or disclosure, the auditor should evaluate the nature and complexity of the systems, including the use of information technology by which the company processes and controls information supporting the assertion."

The remainder of this white paper will focus on building and maintaining effective IT controls to meet Sarbanes-Oxley requirements.

The conventional approach to establishing and maintaining IT controls is to exhaustively document IT processes and policies and increase the frequency of review. This approach, while it may meet the "due care" standard today, is costly, inefficient and error-prone.