Wednesday, April 3, 2019
Sarbanes-Oxley Act: Advantages and Disadvantages
Discuss the strengths and weaknesses of the Sarbanes-Oxley (SOX) Act and describe how an IT department can meet the challenge of implementing SOX compliance.

Over the past ten years we have been exposed to a series of financial scandals. The effect has been catastrophic and society has required regulation to curtail corruption. In 2002, US Senator Paul Sarbanes and Representative Mike Oxley sponsored the Public Company Accounting Reform and Investor Protection Act. It is generally called the Sarbanes-Oxley (SOX) Act and was put in place in order to regulate the accountability of financial reports and prevent fraud. However, the deployment of SOX compliance costs a lot of money, resources and effort. It affects not only the finance department but also the information technology (IT) department. The risk prevention and cost concerns of the SOX Act will be described in the first paragraph; the pros and cons of process control, documentation and responsibility will be discussed in the next; the strengths and drawbacks of security control will be indicated after that; then the challenge facing an IT department for SOX compliance will be examined. Finally, a case study on the Enron scandal will be introduced. This essay will help prove that the SOX Act is worth the price notwithstanding certain drawbacks, and discuss how an IT department meets the compliance requirements.

It is worth preventing potential risks by effectively applying the SOX regulation in spite of extra costs and workload. To begin with, the SOX Act provides a guideline of internal control for financial reporting to prevent any potential risk; all financial events and accounting activities will be managed by this mechanism. Thus, the financial statements would be more accurate and reliable (Anand 2006: 2).
In addition, regular internal and external auditing ensures there are no unscrupulous behaviours in the financial operations. Consequently, the potential risks can be reduced and unethical behaviours can be prevented and deterred. However, the finance and IT departments must budget the expenditure of SOX implementation at the beginning and also need to pay external accounting firms for regular examinations every year. The estimated cost was nearly USD 91,000 with an extra 383 man hours in 2003, and the cost is still increasing every year (Jahmani and Dowling 2008: 59). Staff have an increased workload from collaborating with consultants for the auditing. Those employees not only have to document routine activities, but also need to prepare a lot of evidence for the auditors' investigation. Although employees may suffer through these additional tasks, some unexpected benefits will be gained from them as well.

The transparency of documentation gives a company more integrity even though some process changes are required. The standard operating procedure (SOP) of each department must be documented, especially for those operations related to financial activities and SOX compliance. Namely, the internal or external auditors will investigate any potential risk of process control according to the documentation. It is thought that the establishment of SOPs and documentation would be an advantage to companies, because it demonstrates the consistency of a company and is easy for employees to follow, and it also improves the effectiveness and efficiency of business processes. In addition, the segregation of duties is also a critical control point in SOX compliance for risk prevention (Anand 2006: 53). Employees are required to apply to the system administrator for accounts according to their responsibility, and other colleagues are not allowed to operate information systems through other people's system accounts.
Thus, every single detail is filed into the information system with regular backup solutions. This provides traceability for auditors to investigate any suspected issues. Conversely, companies may need to change their business process flow and modify the related system flow in order to align with the SOX Act guideline. They must pay the extra costs of business process re-engineering, and IT staff must enhance the information systems to meet those requirements as well.

The regulation of security control will prevent inappropriate behaviours from occurring, although employees may feel frustration. The IT department plays a very important role in assisting with and reducing the effort of manual jobs. However, its members usually have more privileges in the system in order to support user needs. For this reason, IT members are also divided into different roles, and those roles are usually separately assigned to server, database, security and application systems. Every change and modification must be authorised and documented in the system. Moreover, those changes must be regularly reviewed by the management team in the change management meeting (Senft and Gallegos 2009: 408). Thus, the system will be safer and the risk of system change can be diminished. In sum, employees have a clear understanding of their roles and their performance can be easily traced from the information system. Potential risks can also be minimized by the restrictions of system design and security control. Despite this benefit, more staff may need to be hired to prevent conflicts of job duties, because employees cannot validate the success of segregation of duties. Finally, owing to the complicated restrictions of SOX compliance regulation, employees may worry about going against the rules. They may prefer focusing on their routine tasks rather than extending their abilities into another area because of the risks taken.

The IT department often plays an important role in implementing SOX compliance from the information system perspective.
There are some approaches suggested for an IT department to cope with the challenge of SOX compliance. To begin with, a sophisticated information system is fundamental in implementing SOX compliance. The Enterprise Resource Planning (ERP) system automatically calculates financial reports and its operations can usually meet Sarbanes-Oxley Act requirements (Pathak 2005: 72). Next, system change control and program version control are also mandated. Therefore, the introduction of a change management system would be helpful for executing these changes. In addition, cross-checking those changes would help companies prevent any unexpected disaster as well as intentional fraud. Furthermore, system logs, backup solutions and security controls are also critical for an IT department meeting the criteria of SOX implementation. Ultimately, documentation is a basic element for the success of SOX compliance implementation. Therefore, system manuals, user manuals, transaction logs, security control sheets, scheduled jobs and change request logs must be archived and categorized in the file system. In short, as long as the IT department follows the above guidelines, it will not be difficult to meet the challenge of implementing SOX compliance.

Let us now look at the Enron scandal, a crucial example not least because of its impact on the US government and society. The aftershocks were felt globally. Enron was an energy company which supplied electricity and gas in the USA. This company was also providing bandwidth service, paper and surface commodities. However, those investments seemed neither successful nor profitable. Enron therefore created a lot of overseas special purpose entities to hide its losses in its financial reports, and it also created the semblance of profitability while it was actually losing money. Besides, Enron's audit firm Arthur Andersen had a long-term relationship with the company and it assisted Enron in hiding losses by destroying related documents.
Eventually, their scheme was exposed to society due to the revelation of a huge amount of undisclosed losses, USD 586 million. The stock price had a dramatic drop from approximately USD 90 to 30 cents. Finally, Enron filed for bankruptcy in 2002 (Welytok 2006: 26). People should limit the harm from this incident; in particular, the US government and the entire corporate sector must prevent this kind of scandal from occurring again. Therefore, the implementation of the SOX Act would be a good approach to curb corruption. The evidence shows that implementing and sustaining SOX compliance could minimize the fraud or crime risk of a company by up to 95 per cent, if that company performs it appropriately and effectively (Anand 2006: 196). This demonstrates the significance and effectiveness of SOX compliance.

In conclusion, there are several advantages and disadvantages for companies implementing SOX compliance. First, financial reports would be more transparent and reliable through auditing controls, and potential risks will be reduced. Next, both companies and employees will benefit from the creation of documentation, because it meets SOX compliance and helps employees understand the business processes. After that, the restrictions on system accounts and authority make systems safer, and possible frauds would be minimized. Conversely, there are some disadvantages of SOX compliance to companies. First, SOX compliance implementation is expensive, and companies have to budget for SOX auditing every year. In addition, changes to a company's processes are inevitable in order to conform to the guideline. Furthermore, employees may lose their zeal for the job due to the limitations of the SOX Act, and would become frustrated about getting involved in other areas. Finally, some strategies are advisable for an IT department implementing SOX compliance.
For instance, a sophisticated ERP system can adapt more easily to the changes of SOX compliance implementation; change management and version control must be kept under control; and as much documentation as possible should be prepared. All of the above are basic elements for the success of SOX compliance implementation.

Reference list

Anand, S. (2006) Sarbanes-Oxley guide for finance and information technology professionals. New Jersey: John Wiley

Jahmani, Y. and Dowling, W. (2008) The impact of Sarbanes-Oxley Act. Cluteinstitute-Onlinejournal [online] 6(10), 57-66. Available from 26 August 2010

Pathak, J. (2005) Information Technology Auditing: An Evolving Agenda. New York: Springer

Senft, S. and Gallegos, F. (2009) Information technology control and audit (3rd edn). Florida: Taylor Francis

Welytok, G. (2006) Sarbanes-Oxley For Dummies. Indiana: Wiley