The Sarbanes-Oxley Act (SOX), also known as the U.S. Public Company Accounting Reform and Investor Protection of 2002, is an Act that is specially designed to rebuild the confidence of investors and stock owners in public corporations after a series of accounting scandals that transpired in the past. The law was passed by U.S. Representative Michael G. Oxley and U.S. Senator Paul Sarbanes in 2002 to promote financial transparencies and consistencies in public companies and corporations in order to protect the interest of every stakeholder of the organization, especially the investors.
Strict penalties are imposed on public corporations that do not comply with the requirements of this Federal Act. By virtue of the Sarbanes-Oxley Act, it is compulsory for every public corporation that is headquartered in the United States to provide accurate financial data to be evaluated by an external auditor. Strict penalties are imposed on CFO’s and CEO’s held liable for inaccuracies and inconsistencies in financial data and reports presented.
Proponents of the Sarbanes-Oxley Act believed that the Federal law is effective in increasing the confidence of investors and fund managers by promoting transparency in the production of corporate financial statements. Presently, the Sarbanes-Oxley Act is only applied to public companies and corporations that are headquartered in the United States. Private companies who wish to go public must also comply with Sarbanes-Oxley Act.
The Sarbanes-Oxley Act was actually formulated as a response to the financial scandals involving WorldCom and Enron. The Act is designed to eliminate fraudulent practices and minimize internal errors within organizations. Improved disclosure and transparency usually results in early detection of financial fraud, prevention of its adverse effects and determination of appropriate and cost-effective solutions to the different financial errors and difficulties. This ultimately leads to an enhanced operational and financial efficiency within the organization.
The Sarbanes-Oxley Act mandates that IT departments save electronic messages and records for no less than 5 years. Non-compliance to the new laws can subjects CEO’s and CFO’s to imprisonment, fines or both.
Many public companies do not find complying with the Sarbanes-Oxley Act appealing, but the Federal law is beneficial in promoting integrity and transparency within the organization. The accuracy and reliability of the internal financial data presented allows high level personnel to manage their resources efficiently. SOX has actually contributed to the success of a number of industries such telecommunications, financial services, retail, manufacturing and technology.
Initially, many companies found the Sarbanes-Oxley Act to be troublesome and costly but as time has gone by there has been unexpected benefits. SOX has been successful in benefitting and protecting the rights of management, investors, and the government. Though SOX compliance is costly, many public companies admit that complicated and complex IT processes were made simpler and easier to accomplish. With the aid of SOX, many corporations were able to standardized their key financial operations and eliminate any redundant information in the system. Furthermore, inaccuracies and inconsistencies in data are minimized while unnecessary controls are eliminated.
Implications of Sarbanes-Oxley Act for IT Managers
The Sarbanes-Oxley Act is considered both a blessing and a burden to public corporations in the United States. The Federal law was primarily proposed to protect the welfare of the investors and stockholders against financial inaccuracies and inconsistencies. Though Sarbanes-Oxley Act compliance is costly, many companies found this federal law to be cost-effective when the proper practices are in place because it promotes overall efficiency in the internal operations of the organization. One of the main goals of the act is to ensure that high level managers are aware of, and are held liable for, financial discrepancies in the organization for which they have responsibility.
Sarbanes-Oxley also obligates public companies to present accurate and reliable corporate financial information and promote transparencies and disclosure to this data. IT is essential in the successful implementation of the Sarbanes-Oxley Act. Failure to comply with the requirements of the law imposes penalties to the CEO’s and CFO’s who are held responsible for any fraudulent financial practice within the organization. The Act further requires the IT department to save pertinent financial information of the corporation for at least 5 years.
In compliance with the Federal Act, the IT departments plays a major role in securing the accuracy and reliability of the corporate data. With the implementation of the Sarbanes-Oxley Act, information technology controls have become more popular. More than anyone else in the company, IT personnel have direct influence over the company’s financial data. To protect the investor’s rights and welfare, the Sarbanes-Oxley act contains rules that limit the power of IT professionals in influencing the management and control of corporate data.
In fact, anyone who is judged guilty in falsifying, destroying, mutilating, altering or making false entries in the tangible documents of the company, whether intentional or unintentional, will be liable to penalties including fines and/or imprisonment up to 20 years.
Information technology controls (IT controls), a subset of the corporation’s internal control, are activities that need to be performed to ensure that the objectives of the organizations are achieved. IT objectives are normally related to integrity, confidentiality and availability of data whenever they are needed.
With regards data confidentiality and security, only authorized users are allowed access to the company’s fixed asset financial data. This is achieved by requiring user ID and password to anyone who desires access to the financial data of the organization. Furthermore, to secure accuracy and integrity of the data, FAS oblige companies to use appropriate depreciation methods, formulas and calculations. IT program controls are normally automated by systems to secure the accuracy and reliability of data processing from input to output.