Sarbanes-Oxley Act - Key Links
The following links pertain to the Sarbanes-Oxley Act of 2002 based on research to ensure compliance for a key project at work. These links provide information on the new law itself and its impact on IT and security reporting concerns.

The Sarbanes-Oxley Act was signed into law on 30th July 2002, and introduced highly significant legislative changes to financial practice and corporate governance regulation. It introduced stringent new rules with the stated objective: "to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws".
Some Key Links
http://www.sarbanes-oxley.com/
http://www.pcaob.com/standards.php
http://www.soxtoolkit.com/
http://www.sarbanes-oxley-forum.com/
http://www.entrust.com/governance/sox.htm
http://www.accountancyage.com/Specials/1131092
http://www.auditnet.org/sarbox.htm
http://www.ifsworld.com/ifs_applications/sarbanes_oxley/default.asp
These links provide the full text of this new law in HTML and PDF formats:
http://vscpa.com/Advocacy/SOtext.htm
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_bills&docid=f:h3763enr.txt.pdf

http://www.aicpa.org/info/sarbanes_oxley_summary.htm
http://www.aicpa.org/sarbanes/index.asp
Key Target Dates for Compliance
| Details | Section 302 | Section 404 | Section 409 |
|---|---|---|---|
| What is it about? | Certification of financial reports quarterly | • Annual certification of internal controls • Independent accountant attests to report • Quarterly reviews for updates/change | • Material event reporting • "Real-time" implications |
| Who signs off? | • CEO • CFO | • Management • Independent accountant/auditor | • Management • Independent accountant/auditor |
| Effective Date? | August 29, 2002 | Fiscal year ends on/after: • November 15, 2004 for accelerated filers* • FY ending on/before July 15, 2005 for all others | • Not finalized • Expected in 2004 |

*Note: For organizations on a calendar fiscal year, this means that compliance is an issue for January, 2004
Information Technology - Critical Success Factors
Using IT successfully to comply with Section 404 means integrating IT into your Sarbanes-Oxley program by:
- Making IT an active participant in the company's program management office for Sarbanes-Oxley compliance;
- Organizing IT resources and establishing an IT internal control program;
- Providing IT representation on the steering committee;
- Identifying, documenting and evaluating IT-related COSO requirements, IT processes and application controls, including:
  - Application Controls: data validation, e-checks and output reconciliations, segregation of duties, protection of sensitive data;
  - General Application Controls: application development, testing, change control, database management, and application level security;
  - General Computer Controls: hardware/software configuration and management, performance and capacity management, security, data center operations, database administration;
- Employing Best Practices: tools, approaches and internal control specialists as required.
Information Technology - Key Links
http://www.computerworld.com/securitytopics/security/story/0,10801,94535,00.html
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci929451,00.html
http://www.cioinsight.com/article2/0,3959,1217378,00.asp
http://www2.cio.com/analyst/report2271.html
http://www.eweek.com/article2/0,4149,1527933,00.asp
http://www.nwfusion.com/news/2004/0730pwc.html