Title: Information Technology Professionals Meet Sarbanes-Oxley
Abstract: ABSTRACT The Sarbanes-Oxley Act of 2002 (SOA) is a law that will affect the lives of top level company officers along with finance and accounting professionals. Top level officers are responsible for the veracity of financial reporting under the SOA. Finance and accounting professionals have traditionally been the corporation's experts regarding financial and operational controls. However, in today's world, information technology (IT) professionals play a key role in designing and maintaining the systems that enforce those controls. This paper examines the challenges that IT professionals will face as they find themselves face-to-face with the provisions of the SOA, a law that could put executives in jail and cause middle managers to lose their jobs. INTRODUCTION The Sarbanes-Oxley Act of 2002 (SOA) was passed in the United States (U.S. Code, 2002) in response to a series of significant failures in corporate governance, including Enron (Schwartz, 2001) and the related failure of accounting firm Arthur Andersen (Eichenwald, 2002), HealthSouth (Day, 2003), Tyco (Sorkin, 2002), and WorldCom (Moules & Larsen, 2003). Even Europeans, many of whom were convinced that this rash of management frauds were a result of American's hyper-capitalism mania and could never happen in the refined atmosphere of the continent, found that they were not immune when Parmalat's $15 billion in understated debt and huge overstatements of sales and earnings were exposed. The SOA imposes a number of reporting and compliance requirements on companies, their managers, and their directors. It also imposes a number of requirements on the systems of internal control used in companies. In this paper, we examine how IT professionals will need to be involved with SOA compliance activities in companies that are subject to the law. IT REPORTING LEVELS IN THE ORGANIZATION In many organizations, IT professionals report to a Chief Information Officer (CIO) who reports, in turn, to a Vice President of Finance or Administration. This traditional reporting path places the top IT officer of many companies below the senior decision making level. Companies that do this see IT as a service function and not as a source of competitive advantage (Laudon & Laudon, 2004; Oz, 2004). The senior finance or administration officer often has an accounting background. In many cases, this means that the person to whom the CIO reports knows little about IT issues. An increasing number of companies, including Novell and FedEx, have taken a different tack. These companies have placed responsibility for IT investments and IT strategy in the hands of their boards of directors (Hoffman, 2004). These companies have realized that there is significant legal risk involved if IT projects are not managed properly because inadequate controls can result from IT project failures (Hardesty, 2004). An understanding of internal control demands an understanding of the underlying accounting and administrative systems of the company (Hall, 2004). As every business of any size has computerized its accounting and administrative systems, the people who know these systems well and who understand their design are increasingly members of the ranks of IT professionals. IT professionals, both inside the company and in consulting firms outside the company, can provide valuable services to the company as it attempts to comply with the internal control standards set by the SOA. DOCUMENTATION OF CONTROLS The Sarbanes-Oxley compliance deadlines that most large companies will face in 2004 and 2005 for the first time include a major challenge. Section 404 of the SOA requires that companies subject to the law document their internal controls, including internal IT controls. However the SOA is unclear about which controls need to be documented and how the documentation should be accomplished. The control documentation must include a risk assessment process and must result in the documentation of controls. …
Publication Year: 2006
Publication Date: 2006-01-01
Language: en
Type: article
Access and Citation
AI Researcher Chatbot
Get quick answers to your questions about the article from our AI researcher chatbot