Under Sarbanes-Oxley 2002 regulations, which companies or industries are required to have internal controls for computer access? Which companies or industries are not required to follow these regulations? Would you recommend that companies that are not obligated by the law still follow the computer access portion of the regulation? Explain why or why not.
Why is it important to understand the boundary conditions - scope, time, and cost of any information systems project?
Under SOX Section 2002, all public companies must adhere to all sections of SOX, including Section 404. Section 404 deals directly with all aspects of internal controls and their application in the company's structure. Under this section, the company must report on its internal controls, which include internal controls for computer access. There is no separate SOX section specifically for internal control over computer access; it would be a part of Section 404. The report, which must be included in the company's annual report, must report on the basic internal control structure as well as the effectiveness of that structure. If deficiencies are found within the internal control procedures or the internal control procedures had to be modified in some way, companies are under legal obligation to report this information. If the company fails to do so, it will be found in violation of SOX Section 404. The company will have to revise its annual report to include the omitted or erroneous ...
This solution explains which companies are and are not required to follow certain internal control regulations under Sarbanes-Oxley 2002 and recommends that companies that are not obligated by the law still follow the computer access portion of the regulation. It also covers the importance of understanding the boundary conditions - scope, time, and cost of any information systems project. 645 words.