Sarbanes-Oxley - Law-on-Line

Sarbanes-Oxley (SOX)
John H. Messing, Esq.
Law-on-Line, Inc.
Providing 3 E’s -- E-Security, Encryption, E-Signatures
3900 E. Broadway Blvd., Suite 201
Tucson, AZ 85711
(520) 547-7933
Email: johnmessing@lawonline.biz
Copyright JHM 2004
Sarbanes-Oxley Act of 2002
Federal law. In a nutshell (for our purposes):
• Don’t keep multiple sets of books
• Don’t cook the books
• Make sure your computers aren’t/can’t be used for these purposes [and are safe].
Applies to all publicly held corporations
• Management
• Outside auditors
• Other professionals
But the impact is becoming much broader
Titles Covered
I. Public Company Accounting Oversight Board
II. Auditor Independence
III. Corporate Responsibility
IV. Enhanced Financial Disclosures
V. Analyst Conflicts of Interest
VI. Commission Resources and Authority
VII. Studies and Reports
VIII. Corporate and Criminal Fraud Accountability
IX. White Collar Crime Penalty
X. Corporate Tax Returns
XI. Corporate Fraud and Accountability
Key provisions
Section 302 directs the Commission (SEC) to adopt rules requiring that
• “the signing officers have disclosed… all significant deficiencies in the
design or operation of internal controls which could adversely affect
the issuer’s ability to record, process, summarize, and report financial
data and have identified for the issuer’s auditors any material
weaknesses in internal controls; and any fraud, whether or not
material, that involves management or other employees who have a
significant role in the issuer’s internal controls.”
Section 404 directs the Commission (SEC) to prescribe rules requiring that
• “each annual report… contain an internal control report, which shall…
contain an assessment… of the effectiveness of the internal control
structure and procedures of the issuer for financial reporting.”
Basic Obligations
• Top management certifies the accuracy of financial data and the controls used for reporting it, including whether there are “material weaknesses” in the controls.
• Auditors either confirm the effectiveness of the controls or state the material weaknesses.
• Penalties for violations can be severe.
• Disclosures of material weakness could undermine investor confidence, lowering the stock price.
• Whistleblowers are especially protected.
Disclose “Material Weaknesses”
• Disclosure controls
– Section 302 scope is unclear – some commentators see
it as broader than just internal controls.
– May include requirement to disclose Worms, Viruses,
DoS attacks and compromise of Personally Identifiable
Data of others.
• Internal controls under Section 404 have been interpreted as also referring to controls on the underlying computer systems used for financial reporting and not just to financial aspects of reporting.
E-Security
Protect financial data from:
• Corrupt insiders
• Unauthorized parties
• Hackers
Substandard processes may facilitate or hide corporate wrongdoings.
Disaster recovery may result in intentionally substituted data.
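The last point above, that a restored backup may carry intentionally substituted data, is the kind of failure a tamper-evident record can surface. The following Python is an added example, not code from the slides or from Law-on-Line: it chains each journal entry to the previous one with an HMAC, so that a substituted, deleted or reordered entry in a restored copy fails verification at the point of tampering. The entry fields, the key and the two restore scenarios are constructed for illustration.

```python
"""Tamper-evident journal of financial entries (added example, not from the slides).

Each record carries an HMAC over the entry's canonical form and the previous
record's tag. Without the key, an attacker who edits, removes or reorders a
record in a restored backup cannot produce tags that verify.
"""
import copy
import hashlib
import hmac
import json
from typing import Any, Dict, List

# Constructed demo key. In a real control the key lives off the restorable
# host (HSM/KMS or a separate signing service), or the attacker who can
# substitute the backup can also re-sign it.
KEY = b"demo-key-held-off-system"

GENESIS_TAG = "0" * 64  # chain anchor for the first record

# Constructed sample journal lines (not real financial data).
SAMPLE_ENTRIES: List[Dict[str, Any]] = [
    {"id": 1001, "account": "4000-revenue", "amount": "12500.00", "memo": "Q1 license fees"},
    {"id": 1002, "account": "5100-cogs", "amount": "-3200.00", "memo": "hosting"},
    {"id": 1003, "account": "4000-revenue", "amount": "980.00", "memo": "support renewal"},
]


def canonical(entry: Dict[str, Any]) -> bytes:
    """Deterministic serialisation so equivalent entries produce identical tags."""
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()


def compute_tag(key: bytes, prev_tag: str, entry: Dict[str, Any]) -> str:
    """HMAC-SHA256 over (previous tag || canonical entry)."""
    return hmac.new(key, prev_tag.encode() + canonical(entry), hashlib.sha256).hexdigest()


def append_entry(ledger: List[Dict[str, Any]], key: bytes, entry: Dict[str, Any]) -> Dict[str, Any]:
    """Append an entry, linking it to the tag of the record before it."""
    prev_tag = ledger[-1]["tag"] if ledger else GENESIS_TAG
    record = {"entry": entry, "prev": prev_tag, "tag": compute_tag(key, prev_tag, entry)}
    ledger.append(record)
    return record


def verify_ledger(ledger: List[Dict[str, Any]], key: bytes) -> List[int]:
    """Return the indices of records whose tag or chain link does not verify.

    An empty list means the ledger is intact. Verification continues past a bad
    record using its stored tag, so later untouched records are not mis-reported.
    """
    bad: List[int] = []
    prev_tag = GENESIS_TAG
    for i, rec in enumerate(ledger):
        expected = compute_tag(key, prev_tag, rec["entry"])
        if rec["prev"] != prev_tag or not hmac.compare_digest(expected, rec["tag"]):
            bad.append(i)
        prev_tag = rec["tag"]
    return bad


def build_demo_ledger(key: bytes = KEY) -> List[Dict[str, Any]]:
    """Ledger built from the constructed sample entries."""
    ledger: List[Dict[str, Any]] = []
    for entry in SAMPLE_ENTRIES:
        append_entry(ledger, key, entry)
    return ledger


def restore_with_substitution(ledger: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Constructed scenario: a 'restored' copy where one amount was altered."""
    backup = copy.deepcopy(ledger)
    backup[1]["entry"]["amount"] = "-32000.00"
    return backup


def restore_with_deletion(ledger: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Constructed scenario: a 'restored' copy with one record removed."""
    backup = copy.deepcopy(ledger)
    del backup[1]
    return backup


if __name__ == "__main__":
    ledger = build_demo_ledger()
    print("intact:", verify_ledger(ledger, KEY))
    print("substituted amount:", verify_ledger(restore_with_substitution(ledger), KEY))
    print("deleted record:", verify_ledger(restore_with_deletion(ledger), KEY))
```

The check only means something if the verifying key is not recoverable from the same backup set: an insider who controls both the data and the key can re-sign whatever they substitute. Keeping the key in a separate, audited signing service and running `verify_ledger` as part of every restore is the control an auditor can examine.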
Duties to Protect Data
Establish, monitor, verify your e-security controls
• Leaving it to others is no longer enough
• It is more than due diligence
– Evaluate the design
– Examine the controls
– Examine the processes
– Disclose and monitor changes
Review and evaluation by auditors
Emerging eSecurity Standards
COSO (Committee of Sponsoring Organizations) Integrated Framework –
– Primarily financial and not IT
– Recognized by the Public Company Accounting Oversight Board
– Ambiguous reference to access
COBIT (Control Objectives for Information and related Technology)
framework
– ISACA (Information Systems Audit and Control Association)
– Designed to address IT controls not specifically mentioned in COSO.
ISACA efforts to integrate as well:
• ISO 17799 standard (Code of Practice for Information Security
Management)
• ITIL (Information Technology Infrastructure Library)
Example Report and Analysis (from Byrum, The Impact of The Sarbanes-Oxley Act on IT Security, SANS Institute, 2003) [slide images not reproduced]
SOX as eSecurity Best Practices
Spreading from strictly financial reporting
• Likely to be incorporated generally by law or contract for
anti-fraud purposes in all types of:
– Income reporting
– Asset valuations
• Examples:
– Insurance
– Valuations of properties
– Royalty payments
– Lines of credit
– Negotiable paper
– Reports of expenditures under grants