Sarbanes Oxley Act of 2002


By: Rajiv Singh Kairon
Introduction
  During the course of this presentation you
  will learn the following:
 • What is the Sarbanes Oxley Act of 2002?
 • The impact of SOX on corporate governance standards
      – Section 302 – Management Certification
      – Section 404 – Management Assessment of Internal Controls
 • How to comply with the Act
 • What if you don't comply?
What is the Sarbanes Oxley Act of 2002?
Sarbanes Oxley Act of 2002, commonly referred to as SOX,
was passed by the US Congress in response to corporate
scandals such as Enron.

The Act is named for its sponsors, Sen. Paul Sarbanes (D-Md.) and
Rep. Michael G. Oxley (R-Ohio), and was signed into law on
July 30, 2002.
Sarbanes Oxley Act of 2002 aims to:
 • Reduce, if not eliminate, corporate fraud by requiring
   publicly traded companies to provide greater financial
   accountability.
 • Increase white-collar crime penalties.
 • Require CFOs and CEOs to certify financial statements.
What is the Sarbanes Oxley Act of 2002? (Continued)…
Sarbanes Oxley Act of 2002 aims to (continued)…
 • A SAS 70 audit may be required in corporate takeover
   situations, in which the state of the smaller company's
   IT and security controls is scrutinized by an
   independent auditor.
 • Greater independence of auditors, to avoid
   commingling of interests and undue influence.
The impact of SOX on Corporate Governance Standards
As a result of the Sarbanes Oxley Act of 2002, hereafter
referred to as "SOX", publicly traded companies must now
include in their annual reports a report of management on the
company's internal control over financial reporting.

 – Section 302: Corporate Responsibility for Financial Reports
   This section of SOX requires that the principal executive and principal
   financial officers of a company (in practice its CEO and CFO) certify in
   each annual or quarterly report that —
      (1) the signing officer has reviewed the report;
      (2) based on the officer's knowledge, the report does not contain
       any untrue statement of a material fact or omit to state a material
       fact necessary in order to make the statements made, in light of the
       circumstances under which such statements were made, not
       misleading;
The impact of SOX on Corporate Governance Standards (Continued)
– Section 302 (continued)…
      (3) based on such officer’s knowledge, the financial statements,
       and other financial information included in the report, fairly
       present in all material respects the financial condition and results
       of operations of the issuer as of, and for, the periods presented in
       the report;
      (4) the signing officers—
      (A) are responsible for establishing and maintaining internal
       controls;
      (B) have designed such internal controls to ensure that material
       information relating to the issuer and its consolidated subsidiaries
       is made known to such officers by others within those entities,
       particularly during the period in which the periodic reports are
       being prepared;
      (C) have evaluated the effectiveness of the issuer’s internal
       controls as of a date within 90 days prior to the report; and
The impact of SOX on Corporate Governance Standards (Continued)
– Section 302 (continued)…
      (D) have presented in the report their conclusions about the
       effectiveness of their internal controls based on their evaluation as
       of that date;
      (5) the signing officers have disclosed to the issuer’s auditors and
       the audit committee of the board of directors (or persons fulfilling
       the equivalent function)—
      (A) all significant deficiencies in the design or operation of
       internal controls which could adversely affect the issuer’s ability
       to record, process, summarize, and report financial data and have
       identified for the issuer’s auditors any material weaknesses in
       internal controls; and
      (B) any fraud, whether or not material, that involves management
       or other employees who have a significant role in the issuer’s
       internal controls.
The impact of SOX on Corporate Governance Standards (Continued)
 • Provide new meaning to ROI (Return on Investment), as better
   accounting, IT and security controls have translated into
   better management decisions.
 • The accounting, IT and security wings of a company are
   now aligned, as each has an impact on the others.
Section 404 of SOX – Management Assessment of Internal Controls
Although the language of this section does not at first alert one to its
heavy reliance on IT and IT security controls, a study of the section's
impact shows that the devil is in the details.

Under Section 404, if a change is made to software and that change could
affect the financial reporting of a company, directly or indirectly, then as
part of the internal control reporting the following five most common
internal controls need to be part of the corporate governance standard
mindset.
     1. Documented
          • Each development process involved in making a change to a software system needs
            to be well documented.
     2. Approved
          • The three most common approval control points that have emerged in the
            development process are: feature selection (or prioritization of service requests
            such as patches), testing sign-off, and rollout to production.
     3. Audited
          • As part of this control, all changes need to be audited. The audit record should
            cover who performed a change, what was affected by the change, and when the
            change was made.
          • Ensure all types of changes are monitored and audited. If there is a manual step in
            your build process where you execute stored procedures to create data structures,
            changes to those stored procedures need to be audited as well.
     4. Separation of duties
          • Separation of duties is the simple concept of restricting different users to
            different parts of a software system. This provides greater objectivity as well as
            more stability in the overall change process. For example, the person who
            implements a code change in a software system should not also be the person who
            signs off on the code's effectiveness.
The impact of SOX on Corporate Governance Standards (Continued)
…following five most common internal controls (continued)
     5. Tested
          • All changes implemented should also be tested to validate and confirm that the
            key financial-related business processes still work as planned.
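The five controls above are what a change-control gate for financially relevant systems has to enforce before a change reaches production. The following is an added example, not part of the original presentation and not the code of any real change-management tool: a small Python check that takes a change record, reports which of the five controls the change fails (missing documentation, missing sign-off at one of the three control points, the implementer approving their own work, untested), and writes the who/what/when outcome into a hash-chained audit log so that later edits to the log are detectable. The ChangeRecord fields, the three control-point names and the two sample changes are assumptions made for illustration.

```python
"""Change-control gate for software that affects financial reporting.

Added example (not from the original presentation): it enforces the five
controls listed on the slide over a change record and writes a
tamper-evident audit entry.  The ChangeRecord fields, the control-point
names and the sample data are assumptions made for illustration.
"""
import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timezone

# 2. Approved: the three approval control points named on the slide.
CONTROL_POINTS = ("feature_selection", "testing_signoff", "rollout")


@dataclass
class ChangeRecord:
    change_id: str
    author: str              # who implemented the change
    description: str         # 1. Documented: rationale and scope
    files: list              # what is affected (code, SQL, stored procedures)
    approvals: dict          # control point -> approver (2. Approved)
    tests_passed: bool       # 5. Tested: financial processes re-validated
    submitted_at: datetime   # when


def evaluate_change(rec: ChangeRecord) -> list:
    """Return the control violations for a change; an empty list means it may proceed."""
    findings = []
    if not rec.description.strip() or not rec.files:
        findings.append("undocumented: missing description or list of affected files")
    for cp in CONTROL_POINTS:
        if not rec.approvals.get(cp):
            findings.append(f"unapproved: no sign-off for {cp}")
    # 4. Separation of duties: the implementer may not sign off on their own work.
    for cp, approver in rec.approvals.items():
        if approver == rec.author:
            findings.append(f"separation of duties: {approver} approved own change at {cp}")
    if not rec.tests_passed:
        findings.append("untested: key financial business processes not re-validated")
    return findings


class AuditLog:
    """3. Audited: append-only who/what/when log, hash-chained so edits are detectable."""

    def __init__(self):
        self.entries = []

    def append(self, rec: ChangeRecord, findings: list) -> dict:
        prev = self.entries[-1]["digest"] if self.entries else "0" * 64
        body = {
            "change_id": rec.change_id,
            "who": rec.author,
            "what": sorted(rec.files),
            "when": rec.submitted_at.isoformat(),
            "approvers": dict(rec.approvals),
            "decision": "blocked" if findings else "allowed",
            "findings": list(findings),
            "prev": prev,  # digest of the previous entry links the chain
        }
        body["digest"] = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.entries.append(body)
        return body

    def verify(self) -> bool:
        """Recompute the chain; False if any entry was altered, removed or reordered."""
        prev = "0" * 64
        for entry in self.entries:
            unsigned = {k: v for k, v in entry.items() if k != "digest"}
            if unsigned["prev"] != prev:
                return False
            if hashlib.sha256(json.dumps(unsigned, sort_keys=True).encode()).hexdigest() != entry["digest"]:
                return False
            prev = entry["digest"]
        return True


def run_demo():
    """Constructed sample changes: one compliant, one that violates three controls."""
    when = datetime(2012, 8, 8, 9, 30, tzinfo=timezone.utc)
    good = ChangeRecord(
        "CHG-1001", "alice", "Fix rounding in quarter-end revenue roll-up",
        ["ledger/rollup.py", "db/sp_revenue_rollup.sql"],  # a stored procedure is in scope too
        {"feature_selection": "cfo_delegate", "testing_signoff": "bob", "rollout": "ops_lead"},
        True, when)
    bad = ChangeRecord(
        "CHG-1002", "carol", "Tweak", ["ledger/export.py"],
        {"feature_selection": "cfo_delegate", "testing_signoff": "carol"},  # no rollout sign-off
        False, when)
    log = AuditLog()
    results = {rec.change_id: log.append(rec, evaluate_change(rec)) for rec in (good, bad)}
    return results, log


if __name__ == "__main__":
    results, log = run_demo()
    for change_id, entry in results.items():
        print(change_id, entry["decision"], entry["findings"])
    print("audit chain intact:", log.verify())
```

The hash chain is the practitioner's caveat on control 3: an audit trail that the same administrators can silently rewrite does not give an auditor much. In a real deployment the chain head would be copied somewhere the change team cannot write (a separate log store or a periodic signed checkpoint), and the approver identities would come from an authenticated ticketing or code-review system rather than from the record itself.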


While, as a result of SOX, companies have had to spend a good
portion of their revenue to meet regulatory compliance needs,
this has in turn ushered in an era of renewed investor
confidence in corporate America.
How to comply with the Act?
 • Top-down approach enforcing corporate integrity and
   ethical responsibility.
 • Conduct annual internal audits (more frequently if
   preliminary results indicate greater than anticipated
   risks) to verify compliance with SOX requirements.
How to comply with the Act? (Continued)
 • Have a whistleblower program in place so that
   employees can report irregularities without fear of
   being targeted or retaliated against.
 • Conduct ongoing employee training emphasizing the
   overall goal of corporate accountability.
How to comply with the Act? (Continued)
 • Have documented processes in place to ensure
   business continuity.
 • Put in place an Information Security Management
   System (ISMS) to ensure that IT best practices are
   followed corporate-wide.
What if you don't comply?
 • Depending on the area of non-compliance, substantial
   fines can be levied against a company.
 • Both the CFO and CEO can be subjected to civil as well
   as criminal penalties, including but not limited to
   jail time.
 • Non-compliance can weaken investor sentiment and
   wreak havoc for a publicly traded company.
Summary
   • Sarbanes Oxley Act of 2002 (more commonly referred to
     as SOX) was enacted in response to corporate scandals
     such as Enron.
   • The ultimate goal of SOX is to promote better corporate
     governance by auditing the financial, IT and security
     controls of a company.
   • The CFO and CEO of an organization have to sign off on
     regulatory filings such as annual and quarterly reports,
     thus adding greater accountability for corporate finances.
   • Failure to comply with SOX can lead to a weakening of
     investor sentiment in a company and subject the
     company's officers to civil (fines) as well as criminal
     (jail time) action.
Thank You

The End
Posted: 8/8/2012