Over the past 10 old ages we have been exposed to a series of fiscal dirts.
The consequence has been ruinous and society has required ordinance to keep corruptness. In 2002, the USA senator Paul Sarbanes and Representative Mike Oxley sponsored the Public Company Accounting Reform and Investor Protection Act. It is by and large called the Sarbanes-Oxley ( SOX ) Act and was put in topographic point in order to modulate the answerability of fiscal studies and prevent hazards happening However, the deployment of SOX conformity costs a batch of money, resources and attempts.It non merely affects the finance section, but besides the information engineering ( IT ) section.
The hazard bar and cost concern of SOX Act will be described in the first paragraph ; the pros and cons of procedure control, certification and duty will be discussed in the following ; the strengths and drawbacks of security control will be indicated after that ; so the challenge of an IT section for SOX conformity will be examined. Finally, a instance survey on the Enron dirt will be introduced.This essay will assist turn out that the SOX system is worth the monetary value despite certain drawbacks and discourse how an IT section meets the conformity. It is deserving forestalling possible hazards by efficaciously executing the SOX ordinance in malice of excess costs and work load.
To get down with, SOX Act provides a guideline of internal control for fiscal statement to forestall any possible hazard, all the fiscal events and accounting activities will be pull offing by this mechanism.Therefore, the fiscal statements would be more accurate and dependable ( Anand 2006: 2 ) . In add-on, through regular internal and external auditing to guarantee there has no unscrupulous behaviours in the fiscal operations. Consequently, the possible hazards can be minimized and unethical behaviours can be prevented and deterred.
However, the finance and IT departments must budget the outgo of SOX execution at the beginning and besides necessitate to pay external accounting houses for regular scrutinies every twelvemonth.The appraisal of its cost was about USD 91,000 with an excess 383 adult male hours in 2003, and the cost is still increasing every twelvemonth ( Jahmani and Dowling 2008: 59 ) . Staffs have an increased work load by collaborate with advisers for the auditing. Those employees non merely have to document everyday activities, but besides need to fix a batch of groundss for hearers ‘ probe.
Although employees may endure through these extra undertakings, some unexpected benefits will be gained from them every bit good. The transparence of certification gives a company more unity even though some procedure alterations are required.The criterion operating process ( SOP ) of each section must be documented, particularly for those operations involve to fiscal activities and SOX conformity. Namely, the internal or external hearers will look into any possible hazard of procedure control harmonizing to the certification.
It is thought that the constitution of SOP and certification would be an advantage to companies, because it demonstrates the system of a company and employees are easy to follow, and it besides improves the effectivity and efficiency of concern procedure.In add-on, the segregation of responsibilities is besides a critical control point to the SOX conformity for the hazard bar ( Anand 2006: 53 ) . Employees are required to bespeak histories to the system decision maker harmonizing to their duty, and other co-workers are disallowed to treat information systems through other people ‘s system histories. Therefore, every individual item is filed into the information system with regular backup solutions.
It provides the traceability for hearers look intoing any suspected issues.Conversely, companies may necessitate to alter concern procedure flow and modify related system flow in order to aline with SOX Act guideline. They must pay excess costs of concern procedure re-engineering and IT staffs must heighten information system to run into those demands every bit good. The ordinance of security control will avoid inappropriate behaviours go oning although employees may experience defeat.
The IT section performs a really of import function to help and cut down the attempt of manual occupations.However, they normally have more governments in system to back up user demands. For this ground, IT members are besides divided into different functions, and those functions are normally individually assigned into waiter, database, security and application systems. Every alteration and alteration must be approved and documented into the system.
Furthermore, those alterations must be on a regular basis reviewed by the direction squad in the alteration direction meeting ( Sentt and Gallegos 2009: 408 ) .Therefore, it will be more safety and the hazard of system alteration can be diminished. In amount, employees have clear apprehension of their functions and their public presentation can be easy traced from the information system. Potential hazards can be besides minimized by the limitation of system design and security control.
Despite this benefit, more staffs may necessitate to be hired to forestall the struggles of occupation responsibilities, because employees can non formalize the regulation of segregation of responsibilities.Finally, owing to those complicated limitations of SOX conformity ordinance, employees may experience frustrate of against regulations. They may prefer concentrating on their everyday undertakings instead than widening their capableness to affect another country because of hazards taken. IT section frequently plays an of import function of implementing SOX conformity for the information system position.
There are some attacks suggested for an IT section to get by with the challenge of SOX conformity. To get down with, a sophisticated information system is cardinal in implementing SOX conformity.The Enterprise Resource Planning ( ERP ) system automatically calculates fiscal studies and its operations normally can run into Sarbanes-Oxley Act demands ( Pathak 2005: 72 ) . Following, the system alteration and plan version control are besides mandated.
Therefore, the debut of a alteration direction system would be helpful for put to deathing these alterations. In add-on, cross cheque of those alterations would assist companies forestall any unexpected catastrophe every bit good as some frauds in intent.Furthermore, system logs, backup solutions and security controls are besides critical for an IT section run intoing the standard of SOX execution. Ultimately, certification is a basic component for the success of SOX conformity execution.
Therefore, system manuals, user manuals, dealing logs, security control sheets, agenda occupations and alteration petition logs must be archived and categorized in the file system. In short, every bit long as IT section follows above guidelines, so it will non be hard to run into the challenge of implementing the SOX conformity.Let us now look at the Enron dirt, a important illustration non least because of its impact on the USA authorities and society. The aftershocks were felt globally.
Enron was an energy company which supplied electricity and gas in the USA. This company was besides supplying bandwidth service, paper and metal trade goods. However, those investings seemed non successful and profitable. Enron therefore had created a batch of abroad particular intent entities for concealing Enron ‘s losingss on their fiscal studies, and it had besides created the semblance of profitableness which was really losing money.
Besides, Enron ‘s audit house Arthur Andersen had a long term relationship and it assisted Enron to conceal losingss by destructing related paperss. Finally, their confederacy was exposed to society due to disclosure of a immense sum of unrevealed losingss – USD 586 million. The stock monetary value had a dramatic autumn from about USD 90 dollars to 30 cents. Finally, Enron was filed bankruptcy in 2002 ( Welytok 2006: 26 ) .
Peoples should larn the harmful from this incident, peculiarly the US authorities and the full corporate must forestall such sort of dirt happening once more.Therefore, the execution of SOX Act would be a good attack to control corruptness. The grounds shows that implementing and prolonging SOX conformity could minimise fraud or offense hazard up to 95 per cent of a company, if that company performs it suitably and efficaciously ( Anand 2006: 196 ) . It demonstrates the significance and effectivity of SOX conformity.
In decision, there are several advantages and disadvantages for implementing SOX conformity in companies. First, fiscal studies would be more crystalline and dependable through scrutinizing controls, and possible hazards will be reduced.Following, both companies and employees will profit from the creative activity of certification. Because it meets SOX conformity and helps employees understand the concern procedures.
After that, it is more safety for the limitations of system history and authorization, and those possible cheats would be minimized. Conversely, there are some disadvantages of SOX conformity to companies. First, SOX conformity execution will be a batch of disbursal, and companies have to budget for SOX scrutinizing every twelvemonth. In add-on, the procedures alteration of a company is inevitable to conform to the guideline.
Furthermore, employees may lose their enthusiasm for occupation due to the restrictions of SOX Act, employees would go defeated of affecting the other countries. Finally, some schemes are advisable for IT section implementing the SOX conformity. For case, a sophisticated ERP system can be easier to accommodate the alteration of SOX conformity execution ; alteration direction and version control must be under controlled ; fixing all certifications as possible as you can. Above all are basic elements for the success of SOX conformity implementation.
Reference list:Anand, S. ( 2006 ) Sarbanes-Oxley usher for finance and information engineering professionals. New Jersey: John WileyJahmani, Y. and Dowling, W.
( 2008 ) ‘The impact of Sarbanes-Oxley Act ‘ Cluteinstitute-Onlinejournal [ online ] 6 ( 10 ) , 57-66. Available from & lt ; www.cluteinstitute-onlinejournals.com/PDFs/1228.
pdf & gt ; [ 26 August 2010 ]Pathak, J. ( 2005 ) Information Technology Auditing – An Evolving Agenda. New York: SpringerSentt, S. and Gallegos, F.
( 2009 ) Information engineering control and audit ( 3dn ) . Florida: Taylor & A ; FrancisWelytok, G. ( 2006 ) Sarbanes-Oxley For Dummies. Indiana: Wiley