
Sarbanes Oxley

Sarbanes Oxley sets out new standards and penalties for corporate wrongdoing and strengthens existing standards. The Act comprises 11 titles that lay out auditor and corporate responsibilities, financial disclosure regulations, and penalties for white-collar crimes.

The following sections are of particular interest to IT Executives:

  • Section 302 may initially seem simple but is actually very complex. It requires corporate officers to attest to the accuracy of quarterly and annual reports, including making representations about the strength of financial controls. This attestation removes any "I didn't know" defense for these officers, as they must:
    • confirm that they have reviewed the report
    • confirm that it is true
    • confirm that it fairly represents the financial condition of the company
      and they know this to be true because:
      • they have accepted responsibility for internal controls over their financial processes
      • they have designed controls that ensure that material information reaches them
      • they have personally evaluated the effectiveness of these controls

  • Section 404 requires an annual assessment of the effectiveness of internal controls in financial reporting. To comply with Section 404 companies must:
    • assess whether their processes for working with financial data are established, documented, and structured to contain controls against risk
    • do the same for information systems that manage financial data
    • assess whether they have adequate security controls to ward off theft or corruption of data
    • determine whether their employees' roles, responsibilities, access rights, and permissions could allow material fraud or misrepresentation of financial data

  • Section 802 ensures authenticity of records and records retention. To comply with Section 802 companies must not:
    • knowingly alter or destroy audit documents
    • knowingly conceal, cover up or falsify audit records
      Audit documents and records can be:
      • workpapers, documents that form the basis of an audit or review
      • memoranda, correspondence, communications, other documents, and records (including electronic records) which are created, sent, or received in connection with an audit or review

CEOs and CFOs must place a high degree of trust in the IT systems, staff and processes that have a bearing on corporate financial data, because these officers are ultimately responsible for ensuring the stringency of internal controls.

 
