Tuesday, July 13, 2010

Sarbanes-Oxley Act 2002

Objectives:
  • Protecting investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws
  • Creating new standards for corporate accountability
  • Creating new penalties for acts of wrongdoing
  • Formalizing and strengthening internal checks and balances within corporations
  • Instituting new levels of control and sign-off designed to
  • Ensuring full disclosure in financial reporting
  • Ensuring that corporate governance is transacted with full transparency

Scope:
  • All public companies in the USA
  • International companies that have registered equity or debt securities with the Securities and Exchange Commission
  • Accounting firms providing auditing services

Main Architects:
  • Senator Paul Sarbanes
  • Representative Michael Oxley

Effective Date:
Signed into law by President George W. Bush on July 30, 2002.

Structure:
Divided into 11 sections called titles. Sections that are more pertinent to compliance:
  • Sarbanes-Oxley 302
  • Sarbanes-Oxley 401
  • Sarbanes-Oxley 404
  • Sarbanes-Oxley 409
  • Sarbanes-Oxley 802

Audit Requirements:
The Act requires all financial reports to include an internal control report.

Penalties:
  • Up to $1 million and imprisonment for up to ten years
  • Up to $5 million and imprisonment for up to twenty years for willful wrongdoing

Role of IT:
  • IT security is important under the Sarbanes-Oxley Act because IT, being the backbone of all modern-day industries, is at the core of the accuracy, reliability and integrity of financial reporting. It is also responsible for protecting sensitive user information
  • Software design standards: COSO (Committee of Sponsoring Organizations of the Treadway Commission, 1985) and COBIT (Control Objectives for Information and related Technology framework, 1986)
  • SarbOxPro program offers standard libraries and interface

Some Online Resources: