The Age of Compliance How Sarbanes-Oxley affects IT management

The Age of Compliance

How Sarbanes-Oxley affects IT management

The Fall of Enron

• Filed for Bankruptcy December 2001

• Accounting errors = $600 million

• Special Purpose Entities (SPE)

• Andrew Fastow (CFO)

The Demise of Andersen

• Strong beginnings

• Role change for Accountants

• Increase in non-auditing services

• Cover-up

• WorldCom debacle

• Not alone on the corrupt auditing front

Sarbanes-Oxley Act

• Architects:

– Senator Paul Sarbanes

– Representative Michael Oxley

• July 30, 2002 – signed by President Bush

PCAOB

• Public Company Accounting Oversight Board

• All accounting firms must register

• 5 member board

– 2 CPAs

– 3 non-CPAs

• First Chairman – William Webster

• Current Chairman – William McDonough

PCAOB

• Review existing standards

• Review attestation of internal controls

• Set new standards

• Authority to investigate and discipline

Auditor Independence

• Non-audit services for auditing clients are no longer allowed

– Bookkeeping

– IS design

– Any other consulting services

• Rotate partners every 5 years

• No ex-audit team executives

Internal Audit Committee

• Not on the company bank roll

• Select and compensate auditor

• Oversee the audit

• Resolve issues between auditor and company

New Requirements for execs.

• Statement of appropriateness

– Financial statements and disclosures

• Section 404

– Internal Control Report

Internal Control Report

• Management responsible for IC

• Assessment of effectiveness of IC

• If material weaknesses

– Must disclose

– Can’t issue internal control report

• Compliance dates

– November 15, 2004 (> $75 million mkt caps)

– April 15, 2003 (< $75 million mkt caps)

Disclosures

• Material Adjustments

• Off-Balance Sheet transactions

• Company – Executive transactions

• Financial expert on Audit Committee

• Code of Ethics

White Collar Crime Enhancement

• Keep audit papers and email 7 years

• Destroying files = felony

• Securities Fraud

– Statute of Limitations increased

– Maximum imprisonment increased to 10 years

• “Whistleblower Protection”

White Collar Crime Enhancement

• Mail/wire fraud increased imprisonment

• SEC can prevent felons from exec. positions

• SEC can stop oversized payments to officers

• Financial Statement fraud

– $5 million

– 20 years imprisonment

Pre Sarbanes-Oxley

• Flexibility

• Loosely defined policies

• Unsegregated responsibility

Initial Reactions

[I] doubt if the CIO would even be interested

-Patrick Kiernan; senior financial systems analyst

Companies that don’t involve the CIO are simply missing the point of the legislation

-Tom Patterson; KPMG senior manager

Forced Changes

• Role of CIO changes

• IT departments shift focus

Compliance Issues

• Infrastructure

• Software

• Storage

• Outsourcing

Infrastructure Issues

• Network integrity

– Increased dependency on open IP network

– IP guidelines are in an “embryonic state”

• Lack of security policies

Steps in Addressing Infrastructure Issues

• Update financial transaction and reporting systems

• Document proper maintenance procedures

• Develop policies for making adjustments to financial systems

Software

• Aid in Compliance

• Developers include

– Oracle

– Redmond

– OpenPages

– Concur

Data Storage

• Develop written policy for retaining and storing data

• Maintain records for seven years (recommended)

– Three tiered approach

Outsourcing

Use of service providers doesn’t reduce the responsibility of corporate executives from maintaining effective internal controls

-Public Company Accounting Oversight Board

Evaluating Controls of Business Partners

• SAS 70

– In-depth examination of internal controls

– Service offered by accounting firms

• Satisfactory SAS 70 Type II Audit

– Likely to meet Sarbanes-Oxley requirements

– Mitigates Risk

Benefits

Companies with well run compliance processes enjoy share-price premiums, competitive advantages, improved morale, and reduced risk

-Steven Lindseth; Chairman of Axentis Inc.

Costs

• Loss of control

• Loss of privacy

• Project delays

Career in a Compliance Driven Era

• Expanding opportunities

– Systems auditing

– Storage experts

• Skills that could give you a competitive advantage

– Understand control objectives

– Exhibit professional skepticism

– Comprehension of basic components of Sarbanes-Oxley

– Maintain a basic knowledge of accounting terminology and accounting systems