The circumstances of the creation and implementation of the Sarbanes-Oxley act are a matter of public record, and need no major review here. There is no shortage of information about the act and its implications thus far, and even less shortage of speculation about its future impacts and the way in which compliance with those rules will alter corporate culture, particularly in terms of how financial information is maintained and shared. In the case for this module, we consider certain aspects of the effects of Sarbanes-Oxley on IT management, now and in the future.
In 2004, Knowledge@ Wharton (2004) presented an analysis of the subject; a number of experts were cited, with widely varying views as indicated here by the following excerpts.
"I'm not sure Sarbanes-Oxley has had as much impact as the scandals themselves, which have made organizations want to avoid scandals in the future," says finance professor Marshall E. Blume. "Right after Enron I was talking to an oil company executive who told me, 'We're going to put everything in the annual report now.'"
Thomas W. Dunfee, professor of social responsibility in business, suggests that "it's too soon to know in any detail the impact that the legislation is going to have. It's like an artist's rough preliminary sketch: A great deal of detail has to be filled in. What's key is that Sarbanes-Oxley was a symbolic act and people are now watching. That's probably as effective a way to get behavior changed as a lot of specific, more picayune rules."
The case for this module asks for you to review information regarding the act, its purposes, its implementation, and its effects to date. A good place to begin is this Introduction to Sarbanes-Oxley. For or detailed consideration of impacts regarding information technology, the following sources provide you with a chronological account of SOX and IT:
Worthen B. (2005) Five Top IT Control Weaknesses. CIO Magazine. Retrieved Sept. 23, 2007 from http://www.cio.com/article/8097/_The_Top_Five_IT_Control_Weaknesses
Hoffman T. (2005) More Companies Tap IT for Sarbanes-Oxley. Computerworld. Retrieved Sept. 23, 2007 from http://www.computerworld.com/softwaretopics/software/story/0,10801,105463,00.html
Nash, K. (2007) Why, 5 Years After Sabanes-Oxley Became Law, IT Executives Are Better Off. Retrieved Feb. 24, 2008 from http://www.cio.com/article/127851/Why_Five_Years_After_Sarbanes_Oxley_Became_Law_IT_Executives_Are_Better_Off/1
Cote, B. (2008) Failed Audit? Sarbanes-Oxley Compliance Journal. Retrieved Feb. 24, 2008 from http://www.s-ox.com/dsp_getFeaturesDetails.cfm?CID=2022
Nash, K. S., (2010) SOX Compliance: New Tool for Easier Audits. CIO Magazine. Retrieved from http://www.cio.com/article/593298/SOX_Compliance_New_Tool_for_Easier_Audits.
Benner K. (2010) Is Sarbanes-Oxley a failure? Money.com. Retrieved from http://money.cnn.com/2010/03/23/news/economy/sarbanes_oxley.fortune/index.htm.
The background information also contains a number of resources regarding this act and its effects; you may also wish to conduct your own search and develop further information as appropriate. When you've had a chance to review all of this information and think about the problem to some degree, please prepare a short (4-6 page) paper on the topic:
The major things that IT managers will have to do differently when Sarbanes-Oxley becomes fully implemented and effective
In the course of your paper, please explicitly address among other points the question of what if anything the Sarbanes-Oxley mandate requires that isn't already performed in any well-managed IT system; and try to conclude your paper with the definition of at least three of what you consider to be key open questions yet to be resolved about the impact of Sarbanes-Oxley on IT management.
M5A the changing interaction of finance, information, and technology
The purpose of the Sarbanes-Oxley Act of 2002 is to provide legal protection for business stakeholders against unscrupulous business executives, especially when stocks and similar financial instruments are involved. This paper discusses how the IT management and executives can work to carry out the intentions of the Act in their respective corporations.
Currently, because of this Act, there is greater accountability and responsibility for executives who sign off on financial documents. Financial statements must be complete and accurate, and follow the Generally Accepted Accounting Principles (GAAP). Part of the annual disclosure documents must be a report on the scope and adequacy of internal control structures and procedures. Companies must also disclose any material changes to the public on an urgent basis.
These very responsible procedures have been in existence for as long as there have been businesses and written financial reports, in ethical businesses. In particular, they have been in existence for as long as there are publicly held businesses with stockholders. However, this Act specifies these ethical procedures and standardizes them, and also holds executives accountable for them. The accountants or the financial officers are no longer the only ones that are responsible when inaccurate records are kept This Act is especially welcome for people who rely on these companies to safeguard and increase their personal savings and pensions. Also, with more and more companies becoming multinational, the billions of dollars that they represent have a strict set of guidelines that will dictate how they handle their money.
During the latter part of the 1990's and into the ...
This paper discusses the role of the Information Technology Department in a corporation when faced with the additional responsibilities represented by the Sarbanes-Oxley Act, which holds the business executives responsible for improprieties in corporation financial statements.