The major things that IT managers will have to do differently when Sarbanes-Oxley becomes fully implemented and effective
On 30 July 2002, the Sarbanes-Oxley Act of 2002 was enacted as a reaction to the Enron and Arthur Andersen scandal. Its intention is to protect investors by enhancing the accuracy and dependability of company disclosures made pursuant to the securities laws, together with other related purposes. The corporation presented financial statements that glaringly failed to show the correct returns in its income statement and balance sheets. Enron was not alone; there were many other corporations that had the same outcome. The minimum requirement of this act is that an organization carrying out business ought to implement it so as to offer a more accurate (in comparison with the earlier FAIR) balance sheet and income statement.
The following section illustrates the degree of accountability and the tasks of IT managers, which they share with the company’s other executive managers, in conforming to the minimum requirements of the Sarbanes-Oxley Act.
Main Discussion
When the Sarbanes-Oxley Act reaches full implementation and effectiveness, IT executive managers ought to carry out their most important actions differently. First, they ought to improve or tighten security in the company’s environment. Secondly, they ought to improve maintenance activities in order to keep software programs free from virus attacks. Thirdly, the best-estimates policy used in recording daily business dealings ought to be replaced with improved exactness in the gathering, collection and analysis of data.
Improvement of company’s internal security
Computer users ought to be provided with accounts so that they can access resources by means of usernames and passwords. Entry to the building containing the organization’s sensitive Information Technology assets and data ought to be permitted to authorized personnel only.
IT managers ought to improve the maintenance activities
Improving maintenance activities within the company means that software programs and computing hardware are kept safe from virus attacks. Antivirus software has to be installed; options include McAfee, Avast, Kaspersky, and Norton antivirus. Another task that eases maintenance is setting up firewalls to block undesired websites, ads, and suspicious emails.
Best estimate policy replacement
The IT department ought to collaborate with the accounting department and other departments as the business organization replaces its best-estimates policy for recording day-to-day business activities with more exact gathering, collection and analysis of data. Bainbridge (2007) affirmed that the tendency is no longer to present fiscal statements such as the balance sheet and statements of income. Now, with the introduction of the Sarbanes-Oxley Act, there is strong pressure to generate fiscal statements that are very exact with the aid of computer software. Since Sarbanes-Oxley does not necessitate the minimum requirements that CPAs (Certified Public Accountants) should have regarding the exactness of all resources that will serve as guiding principles for the imposition of penalties on CEOs and CFOs, and since the Sarbanes-Oxley Act has dealt extensively with the economic value of businesses’ intangible resources of all sorts, exactness obtained with the aid of Information Technology has become a business priority. All internal audit reports generated must follow the steps delineated in the Sarbanes-Oxley Act.
Reporting flexibility
Every company at some point needs to assess the effectiveness of its internal management system in its entirety. Different groups of personnel have to be considered. For instance, controls related to the accounts/sales receivable cycle, or any of those affected by its order entry system, may be sampled. The best software programs available on the market today have unquestionable report generation abilities, and IT managers ought to match these if the business process management program is to be effective.
Manage your controls
IT managers also have to manage the organization’s controls. The Information Technology department has to be closely integrated with business needs, since there is a direct link between business processes and IT controls. IT managers have to identify the controls that are business oriented and expected to change.
Change management is the major key to success for full compliance. IT controls evolve every time there is a change in the technological infrastructure: every time new hardware or an update is released, every time employee changes are carried out, or whenever any other change occurs. Auditors regularly assess the effectiveness of Information Technology control and management processes. Controlling and managing change on a continual basis gives you the visibility necessary to guarantee security, compliance, and effectiveness.
On the same note, to guarantee successful audits, IT managers have to make documentation of all controls available and reduce them to a manageable and easily understood list. These controls should be in line with the objectives of the audit and cover only compliance-critical controls. This assessment of IT control processes will help the organization identify emerging issues in good time.
Conclusion
Given the importance of compliance, why do business organizations still fail SOX audits? Many business organizations fail because of a failure to document control processes and an event-driven approach to compliance.
Who is likely to be affected by SOX compliance? The managers who administer systems associated with fiscal or accounting data are most likely the most affected by SOX. Many managers did not like it because it constrains them.
What are the penalties for compliance failure? It has to be made clear to those accountable for SOX audits that the costs are fines, a sentence, or both.
What is the role of IT in compliance? Many managers don’t understand the role of IT in SOX compliance. SOX guidelines state that an audit trail of log files and all pertinent documentation should be retained for five years. The impact of SOX is felt throughout IT activities, including data storage, messaging, networking, and virtualization.
References
Anand, S. (2006). Sarbanes-Oxley guide for finance and information technology professionals. Indiana: John Wiley and Sons.
Bainbridge, S. M. (2007). The complete guide to Sarbanes-Oxley: understanding how Sarbanes-Oxley affects your business. USA: Adams Media.
Ramos, M. J. (2006). How to comply with Sarbanes-Oxley section 404: assessing the effectiveness of internal control. New York City: John Wiley and Sons.