Sarbanes Oxley Issues

The Age of Compliance
How Sarbanes-Oxley affects IT management
The Fall of Enron
• Filed for Bankruptcy December 2001
• Accounting errors = $600 million
• Special Purpose Entities (SPE)
• Andrew Fastow (CFO)
The Demise of Andersen
• Strong beginnings
• Role change for Accountants
• Increase in non-auditing services
• Cover-up
• WorldCom debacle
• Not alone on the corrupt auditing front
Sarbanes-Oxley Act
• Architects:
– Senator Paul Sarbanes
– Representative Michael Oxley
• July 30, 2002 – signed by President Bush
PCAOB
• Public Company Accounting Oversight Board
• All accounting firms must register
• 5 member board
– 2 CPAs
– 3 non-CPAs
• First Chairman – William Webster
• Current Chairman – William McDonough
PCAOB
• Review existing standards
• Review attestation of internal controls
• Set new standards
• Authority to investigate and discipline
Auditor Independence
• Non-audit services for auditing clients are
no longer allowed
– Bookkeeping
– IS design
– Any other consulting services
• Rotate partners every 5 years
• No ex-audit team executives
Internal Audit Committee
• Not on the company bank roll
• Select and compensate auditor
• Oversee the audit
• Resolve issues between auditor and company
New Requirements for execs.
• Statement of appropriateness
– Financial statements and disclosures
• Section 404
– Internal Control Report
Internal Control Report
• Management responsible for IC
• Assessment of effectiveness of IC
• If material weaknesses
– Must disclose
– Can’t issue internal control report
• Compliance dates
– November 15, 2004 (> $75 million mkt caps)
– April 15, 2003 (< $75 million mkt caps)
Disclosures
• Material Adjustments
• Off-Balance Sheet transactions
• Company – Executive transactions
• Financial expert on Audit Committee
• Code of Ethics
White Collar Crime Enhancement
• Keep audit papers and email 7 years
• Destroying files = felony
• Securities Fraud
– Statute of Limitations increased
– Maximum imprisonment increased to 10 years
• “Whistleblower Protection”
White Collar Crime Enhancement
• Mail/wire fraud increased imprisonment
• SEC can prevent felons from exec. positions
• SEC can stop oversized payments to officers
• Financial Statement fraud
– $5 million
– 20 years imprisonment
Pre Sarbanes-Oxley
• Flexibility
• Loosely defined policies
• Unsegregated responsibility
Initial Reactions
[I] doubt if the CIO would even be interested
-Patrick Kiernan; senior financial systems analyst
Companies that don’t involve the CIO are
simply missing the point of the legislation
-Tom Patterson; KPMG senior manager
Forced Changes
• Role of CIO changes
• IT departments shift focus
Compliance Issues
• Infrastructure
• Software
• Storage
• Outsourcing
Infrastructure Issues
• Network integrity
– Increased dependency on open IP network
– IP guidelines are in an “embryonic state”
• Lack of security Policies
Steps in Addressing Infrastructure Issues
• Update financial transaction and reporting
systems
• Document proper maintenance procedures
• Develop policies for making adjustments to
financial systems
Software
• Aid in Compliance
• Developers include
– Oracle
– Redmond
– OpenPages
– Concur
Data Storage
• Develop written policy for retaining and
storing data
• Maintain records for seven years (recommended)
– Three tiered approach
Outsourcing
Use of service providers doesn’t reduce the
responsibility of corporate executives
from maintaining effective internal
controls
-Public Company Accounting Oversight Board
Evaluating Controls of Business Partners
• SAS 70
– In-depth examination of internal controls
– Service offered by accounting firms
• Satisfactory SAS 70 Type II Audit
– Likely to meet Sarbanes-Oxley requirements
– Mitigates Risk
Benefits
Companies with well run compliance
processes enjoy share-price premiums,
competitive advantages, improved
morale, and reduced risk
-Steven Lindseth; Chairman of Axentis Inc.
Costs
• Loss of control
• Loss of privacy
• Project delays
Career in a Compliance Driven Era
• Expanding opportunities
– Systems auditing
– Storage experts
• Skills that could give you a competitive advantage
– Understand control objectives
– Exhibit professional skepticism
– Comprehension of basic components of Sarbanes-Oxley
– Maintain a basic knowledge of accounting terminology and
accounting systems