The Age of Compliance
How Sarbanes-Oxley affects IT management
The Fall of Enron
• Filed for Bankruptcy December 2001
• Accounting errors = $600 million
• Special Purpose Entities (SPE)
• Andrew Fastow (CFO)
The Demise of Andersen
• Strong beginnings
• Role change for Accountants
• Increase in non-auditing services
• Cover-up
• WorldCom debacle
• Not alone on the corrupt auditing front
Sarbanes-Oxley Act
• Architects:
– Senator Paul Sarbanes
– Representative Michael Oxley
• July 30, 2002 – signed by President Bush
PCAOB
• Public Company Accounting Oversight Board
• All accounting firms must register
• 5 member board
– 2 CPA’s
– 3 non CPA’s
• First Chairman – William Webster
• Current Chairman – William McDonough
PCAOB
• Review existing standards
• Review attestation of internal controls
• Set new standards
• Authority to investigate and discipline
Auditor Independence
• Non-audit services for auditing clients are no longer allowed
– Bookkeeping
– IS design
– Any other consulting services
• Rotate partners every 5 years
• No ex-audit team executives
Internal Audit Committee
• Not on the company bank roll
• Select and compensate auditor
• Oversee the audit
• Resolve issues between auditor and company
New Requirements for execs.
• Statement of appropriateness
– Financial statements and disclosures
• Section 404
– Internal Control Report
Internal Control Report
• Management responsible for IC
• Assessment of effectiveness of IC
• If material weaknesses
– Must disclose
– Can’t issue internal control report
• Compliance dates
– November 15, 2004 (> $75 million mkt caps)
– April 15, 2003 (< $75 million mkt caps)
Disclosures
• Material Adjustments
• Off-Balance Sheet transactions
• Company – Executive transactions
• Financial expert on Audit Committee
• Code of Ethics
White Collar Crime Enhancement
• Keep audit papers and email 7 years
• Destroying files = felony
• Securities Fraud
– Statute of Limitations increased
– Maximum imprisonment increased to 10 years
• “Whistleblower Protection”
White Collar Crime Enhancement
• Mail/wire fraud increased imprisonment
• SEC can prevent felons from exec. positions
• SEC can stop oversized payments to officers
• Financial Statement fraud
– $5 million
– 20 years imprisonment
Pre Sarbanes-Oxley
• Flexibility
• Loosely defined policies
• Unsegregated responsibility
Initial Reactions
[I] doubt if the CIO would even be interested
-Patrick Kiernan; senior financial systems analyst
Companies that don’t involve the CIO are simply missing the point of the legislation
-Tom Patterson; KPMG senior manager
Forced Changes
• Role of CIO changes
• IT departments shift focus
Compliance Issues
• Infrastructure
• Software
• Storage
• Outsourcing
Infrastructure Issues
• Network integrity
– Increased dependency on open IP network
– IP guidelines are in an “embryonic state”
• Lack of security policies
Steps in Addressing Infrastructure Issues
• Update financial transaction and reporting systems
• Document proper maintenance procedures
• Develop policies for making adjustments to financial systems
Software
• Aid in Compliance
• Developers include
– Oracle
– Redmond
– OpenPages
– Concur
Data Storage
• Develop written policy for retaining and storing data
• Maintain records for seven years (recommended)
– Three tiered approach
Outsourcing
Use of service providers doesn’t reduce the responsibility of corporate executives from maintaining effective internal controls
-Public Company Accounting Oversight Board
Evaluating Controls of Business Partners
• SAS 70
– In-depth examination of internal controls
– Service offered by accounting firms
• Satisfactory SAS 70 Type II Audit
– Likely to meet Sarbanes-Oxley requirements
– Mitigates Risk
Benefits
Companies with well run compliance processes enjoy share-price premiums, competitive advantages, improved morale, and reduced risk
-Steven Lindseth; Chairman of Axentis Inc.
Costs
• Loss of control
• Loss of privacy
• Project delays
Career in a Compliance Driven Era
• Expanding opportunities
– Systems auditing
– Storage experts
• Skills that could give you a competitive advantage
– Understand control objectives
– Exhibit professional skepticism
– Comprehension of basic components of Sarbanes-Oxley
– Maintain a basic knowledge of accounting terminology and accounting systems