
IT & Sarbanes-Oxley

IT & Sarbanes-Oxley. Adam Bearhalter Kristy Kelly Julie Bland Alex Tiset. Introduction. Corporate & Accounting Scandals Public confidence Signed in July 30, 2002 Reach. Titles. TITLE I—PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD TITLE II—AUDITOR INDEPENDENCE


Presentation Transcript


  1. IT & Sarbanes-Oxley Adam Bearhalter Kristy Kelly Julie Bland Alex Tiset

  2. Introduction
     • Corporate & Accounting Scandals
     • Public confidence
     • Signed on July 30, 2002
     • Reach

  3. Titles
     • TITLE I—PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD
     • TITLE II—AUDITOR INDEPENDENCE
     • TITLE III—CORPORATE RESPONSIBILITY
     • TITLE IV—ENHANCED FINANCIAL DISCLOSURES
     • TITLE V—ANALYST CONFLICTS OF INTEREST
     • TITLE VI—COMMISSION RESOURCES AND AUTHORITY
     • TITLE VII—STUDIES AND REPORTS
     • TITLE VIII—CORPORATE AND CRIMINAL FRAUD ACCOUNTABILITY
     • TITLE IX—WHITE-COLLAR CRIME PENALTY ENHANCEMENTS
     • TITLE X—CORPORATE TAX RETURNS
     • TITLE XI—CORPORATE FRAUD AND ACCOUNTABILITY

  4. Key Provisions
     • SOX Section 302: Internal control certifications
     • SOX Section 404: Assessment of internal control
     • SOX Section 802: Criminal Penalties for Violation of SOX
     • SOX Section 1107: Criminal Penalties for Retaliation Against Whistleblowers

  5. SOX Section 404
     • Management must report on the effectiveness of the company's internal controls over financial reporting.
     • A statement of management's responsibility over internal controls
     • Management's assessment of the effectiveness of the company's internal control
     • Identify the framework used to evaluate controls
     • State that their auditor has reported on their internal controls as well
     Source: www.sec.gov

  6. SOX Section 404
     • In today’s business environment IT systems initiate, process, and report most financial transactions
     • Because they are so involved in the day-to-day financial transactions, the IT systems become key to financial reporting
     • Making the controls over the IT systems key to financial reporting as well
     Source: IT Governance Institute, 2006

  7. SOX Section 404
     • Management is required to implement an internal control framework.
     • COSO is the most widely used framework for SOX compliance
     • Pays little attention to IT controls
     • COBIT is one of the better known frameworks that relate to IT controls
     Source: IT Governance Institute, 2006

  8. Key Controls
     • Controls that are key to ensuring that the values on the balance sheet are accurate and reliable
     • Database triggers entry in general ledger.
     • System to ensure emails are sent
     • IT Auditor ensures that they are effective, reliable, and reproducible

  9. General Controls
     • Controls that go across all IT systems and are essential to ensuring the integrity, reliability, and quality of the systems
     • Security Policies
     • Change Management
     • Administration of Duties/Rights

  10. Administration of Duties/Rights
     • Separation of Duties
       • Individual Permissions Roles
     • Least Privilege
       • Individual only given privileges needed to do their job
     • User Provisioning
       • New users set up with correct privileges
       • Standard profile for each user

  11. What if these 3 principles are not in place?
     The IT system has failed to meet SOX Compliance. The Auditor must:
     • Note the exception
     • Flag it up to Management for remediation

  12. Strategies for Sarbanes-Oxley Compliance
     • Understand SOX requirements
     • Set aside sufficient resources
     • Get everyone involved
     • Create independent audit committee
     • Educate everyone
     • Evaluate auditors
     • Make required changes
     • Prepare for the future
     Source: www.afponline.org

  13. Impact of SOX on IT and Management
     • Risk Assessment
     • Control Environment
     • Control Security
     • Monitoring
     • Information and Communication
     Source: www.answers.com

  14. Impact of SOX
     Risk Assessment
     • Areas of Risk
     • Examination of systems
     • Accuracy of Documentation
     Control Environment
     • Effectiveness of ICs
     • Tone of Organization
     • Control Environment Factors
     Source: www.answers.com

  15. Impact of SOX
     Control Security
     • IT Security Monitoring
     • Processes and Schedules
     • Internal Audits
     Information and Communication
     • Timely and Accurate Information
     • Communication to Management
     Source: www.answers.com
