IT & Sarbanes-Oxley

Adam Bearhalter

Kristy Kelly

Julie Bland

Alex Tiset

Introduction
  • Corporate & Accounting Scandals
  • Public confidence
  • Signed on July 30, 2002
  • Reach
Titles
  • TITLE I—PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD
  • TITLE II—AUDITOR INDEPENDENCE
  • TITLE III—CORPORATE RESPONSIBILITY
  • TITLE IV—ENHANCED FINANCIAL DISCLOSURES
  • TITLE V—ANALYST CONFLICTS OF INTEREST
  • TITLE VI—COMMISSION RESOURCES AND AUTHORITY
  • TITLE VII—STUDIES AND REPORTS
  • TITLE VIII—CORPORATE AND CRIMINAL FRAUD ACCOUNTABILITY
  • TITLE IX—WHITE-COLLAR CRIME PENALTY ENHANCEMENTS
  • TITLE X—CORPORATE TAX RETURNS
  • TITLE XI—CORPORATE FRAUD AND ACCOUNTABILITY
Key Provisions
  • SOX Section 302: Internal control certifications
  • SOX Section 404: Assessment of internal control
  • SOX Section 802: Criminal Penalties for Violation of SOX
  • SOX Section 1107: Criminal Penalties for Retaliation Against Whistleblowers
SOX Section 404
  • Management must report on the effectiveness of the company's internal controls over financial reporting.
    • A statement of management's responsibility over internal controls
    • Management's assessment of the effectiveness of the company's internal control
    • Identify the framework used to evaluate controls
    • State that their auditor has reported on their internal controls as well

www.sec.gov

SOX Section 404
  • In today’s business environment, IT systems initiate, process, and report most financial transactions
  • Because they are so involved in day-to-day financial transactions, the IT systems become key to financial reporting
  • This makes the controls over the IT systems key to financial reporting as well

IT Governance Institute, 2006

SOX Section 404
  • Management is required to implement an internal control framework.
  • COSO is the most widely used framework for SOX compliance
    • Pays little attention to IT controls
  • COBIT is one of the better known frameworks that relate to IT controls

IT Governance Institute, 2006

Key Controls
  • Controls that are key to ensuring that the values on the balance sheet are accurate and reliable
    • Database triggers entry in general ledger.
    • System to ensure emails are sent
  • IT Auditor ensures that they are effective, reliable, and reproducible
General Controls
  • Controls that go across all IT systems and are essential to ensuring the integrity, reliability, and quality of the systems
    • Security Policies
    • Change Management
    • Administration of Duties/Rights
Administration of Duties/Rights
  • Separation of Duties
    • Individual Permissions Roles
  • Least Privilege
    • Individual only given privileges needed to do their job
  • User Provisioning
    • New users set up with correct privileges
    • Standard profile for each user
What if these 3 principles are not in place?

The IT system has failed to meet SOX Compliance

The Auditor must:

  • Note the exception
  • Flag it up to Management for remediation
Strategies for Sarbanes-Oxley Compliance
  • Understand SOX requirements
  • Set aside sufficient resources
  • Get everyone involved
  • Create independent audit committee
  • Educate everyone
  • Evaluate auditors
  • Make required changes
  • Prepare for the future

Source: www.afponline.org

Impact of SOX on IT and Management
  • Risk Assessment
  • Control Environment
  • Control Security
  • Monitoring
  • Information and Communication

Source: www.answers.com

Impact of SOX

Risk Assessment

  • Areas of Risk
  • Examination of systems
  • Accuracy of Documentation

Control Environment

  • Effectiveness of ICs
  • Tone of Organization
  • Control Environment Factors

Source: www.answers.com

Impact of SOX

Control Security

  • IT Security

Monitoring

  • Processes and Schedules
  • Internal Audits

Information and Communication

  • Timely and Accurate Information
  • Communication to Management

Source: www.answers.com