Tips On How To Achieve Sarbanes Oxley Act Compliance
The Sarbanes-Oxley Act of 2002 is legislation that came into force in the wake of financial scandals such as WorldCom and Enron. This very important legislation was enacted to protect the interests of the general public, as well as parties such as shareholders, from fraudulent practices and accounting errors in companies. It covers issues such as financial disclosure, corporate governance and public accounting in the United States. The act was written with the understanding that the self-interest of a few companies could end up affecting the fortunes of many. It falls under the Securities and Exchange Commission (SEC), the body that publishes the rules and sets the deadlines for compliance. Sarbanes-Oxley Act compliance is mandatory for certain kinds of companies.
Rather than being a set of guidelines for business practices, the Sarbanes-Oxley Act clearly lists which records are to be stored and for how long. The act is therefore relevant to the IT departments of organizations as well as to their financial departments. The Sarbanes-Oxley Act states that every business record, including electronic messages and records, has to be stored for a period "not less than five years".
Sarbanes-Oxley Act compliance is very important, since the consequences of non-compliance are severe and the punishments can include fines and imprisonment. Compliance is thus a highly challenging task for the IT departments of organizations, which have to store and maintain the records for such a long duration and do so in a cost-effective way.
Sarbanes-Oxley Act compliance requires management to produce an "internal control report", which must give an assessment of the past year regarding the effectiveness of the internal control procedures adopted by the company. After this, external auditors are required to assess whether internal control over financial reporting has been maintained by management, along with checking the accuracy of the company's financial statements. The requirement that management, in addition to an external auditor, check and report on the efficiency of the internal controls is a costly part of the legislation, since it requires a great deal of time and effort. The Securities and Exchange Commission identifies the COSO framework as a means of achieving Sarbanes-Oxley Act compliance. Its steps are:
Risk assessment: before implementing the controls, IT management must understand the areas that may affect the validity of the reports.
Control activities: the quality assurance, design and implementation teams must be independent. Also, an audit trail must be maintained for each system that has a hand in handling financial information, and there must be written policies in place about the business requirements, specification and documentation required for each project.
Control environment: the environment in the organization should be such that employees take credit for the success of the projects. This helps the organization work well. Employees must also be made to understand the workings of the organization through cross-training with other departments.
Monitoring: there must be auditing and internal auditing of the high-risk areas of the IT organization. It must also be clearly understood who is to be held responsible for the outcome of the audits.
Information and communication: there must be a setup in place for effective communication so that the IT department is able to work efficiently.
IT management must inform the company of the steps to be taken for Sarbanes-Oxley Act compliance.