Sarbanes-Oxley: where Information-Technology, Finance and Ethics Meet BY Margaret Muturi Contents • Brief History • Objectives of Sarbanes Oxley • Test book questions • Current information • References • Question & Answers Sarbanes Oxley History • Came in to force mainly due to financial scandals committed by cooperate giants like Enron, WorldCom, etc • Created by U.S senator Paul Sarbanes (D-Maryland) and US congressman Michael Oxley (R-Ohio) • It was signed into law July 30,2002 to become Sarbanes Oxley act of 2002 (Sox) Objectives of Sarbanes Oxley • In response to companies like Arthur Anderson, Enron WorldCom scandal the SOX Act seeks to : • Restore the public confidence in both public accounting and publicly traded securities • Assure ethical business practices through heightened levels of executive awareness and accountability • Creating of the public accounting oversight Board (PCAOB) • All audits report or related materials must be kept by the auditor at least 5 years • Make sure there are financial controls in place Case study question 1. Define the relationship between Ethics and Sarbanes Oxley Act • Code of ethics structure for finance personnel in respect to conflict of interests –control environment • Whistle-blower protections • Cheques and balances • CEO and CFOs must certify in any periodic report the truthfulness and accurateness of the report-creates liability Case Study Question 2. Why is record management an area of concern to the entire organizations • Information and communication: making sure the right people have the right information, • making sure no alteration of falsifying of records • Who has access to the information - Internal controls section 404 • Management controls • Section 802 of Sarbanes Oxley: _requires public and their public accounting firms to retain records, including electronic records that impact the company’s asset or performance. Case Study Question 3. What are two policies an organization can implement to achieve Sarbanes Oxley compliance • Internal controls: Who has authorization and access to information • Management oversight: This one of the key area of SOX. Making sure that the management knows who has the right authorization to the information. Case Study Question • 4. Identify the biggest road block for organizations that are attempting to achieve Sarbanes-Oxley compliance. • Training • Very expensive to implement • Challenging on segregation of duties • Creating oversight in different systems Case Study Question 5. What type of information systems might facilitate SOX compliance • System controls: where there is limited access of information which is only available to authorized personnel. • Change management controls: whenever there is change in the management the organization can change the software or information of the software codes. Case Study Question 6. How will electronic monitoring affect the morale and performance of employees workplace? • Employees may not be motivated • Invasion of privacy • Employees trust at work place compromised • Unethical employees trying to beat the system Case Study Question • 7. what do you think an unethical accountant or manger at Enron thought were the rewards and responsibilities associated with the job • Most of them must have thought as long as we keep getting paid, and our retirement accounts keep growing, we will keep our mouths shut • Whistle blowers afraid of loosing their job • Huge bonuses as long as the books reflected profits Current Information Since SOX was enacted in 2002 a lot of things have been changed to make sure the system work. • Updated software have been put in place example IT general controls (ITCG), control objectives for in information technology (COBIT) • Securities and Exchange commission (SEC) has imposed unprecented penalties enforcement of 10 million or more aganaist 115 parties • The whistle blower protection under occupation safety and health Administration( OSHA) Current Information • Anti -Sarbanes Oxley mood arises in Europe • Other laws have emerged example HIPAA • Cases of Fraud still being experienced for example current case of Bernard Maddoff In the US and his trading operation in London • The whistle blowers can make a difference and feel protected for example Harry Markopolos, the Boston based investor who was a whistle blower for Maddoff fraud. Work cited • Business Driven technology by Haag Baltzan Phillips • www.logicalsecurity.com/resources_sox.html • www.secutityfocus.com/print columnists/322 • www.mondaq.com/articles.asp?articleid=695&print=1 • www.naturalnews.com/z017131.html • Ezinearticles .com/?The-History-of Sarbanes Oxley &id=143573&opt=print • The Wall Street Journal • www.online.wsj.com/article/SB1233619899636241467.html • www.online.wsj.com/article/SB123681392137901653.html END • QUESTION & ANSWERS