Friday, September 30, 2005

In a Nutshell - SOX - The questions you never asked...

The Sarbanes-Oxley Act
What is it?
- All public companies are required to certify and document internal financial controls and reporting

SECTION 302
CEOs and CFOs certify the Financial results

SECTION 404
Management to assess internal controls and processes that contribute to a financial report step-by-step.

Why Implement
To avoid another Enron scandal... Is this not enough?

How do I comply with SOX?
1. Perform Risk Assessment
2. Implement Workflow
3. Document processes
4. Monitor compliance
5. Test compliance
6. Repeat steps 1 to 6 next year...

What and who do I use to achieve compliance?
- Hire a knowledgeable security/audit company or SOX consultant
- Invest in Technology that supports 'environments of compliance'
- Upgrade your IT Infrastructure
- Implement Third party software (i.e. for document handling)
- Internal Audit groups should work closely with External Auditors

RESULTS
Happy Government = Wealthy Stockholders = Strong Confidence = Great Reputation

Added benefit
The CEO and CFO do not go to jail...

Do not fool yourself by merely tweaking the systems you already have in order to comply. Only large firms with a plethora of systems are allowed to do that...

Security and compliance should not be a 'knee-jerk' response!
