As a result of the infamous Enron and WorldCom scandals, the U.S. reacted with strict guidelines to re-establish confidence in the financial market. Commonly referred to as the Sarbanes-Oxley Act, or “SOX,” the Public Company Accounting Reform and Investor Protection Act of 2002 was implemented to protect shareholders and the general public from fraud and general accounting errors. SOX has come to be considered part of the total fabric driving reliable financial reporting, impacted by securities laws and regulatory oversight, exchange listing requirements, accepted accounting principles, effective auditing standards, accounting firm oversight, effective standards for audit committees of boards, and independence requirements for directors and auditors, among other things.
Sarbanes-Oxley compliance was once thought to be a relatively static, predictable process that organizations could rely on to be routine. Yet market and regulatory changes continue to make this a more dynamic process, with costs and hours continuing to rise for many organizations. The good news is that more organizations are recognizing the benefits of their compliance efforts through improved internal control structure and business processes.
In January 2013, the updated version of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Integrated Internal Control Framework (Framework) went into effect (http://www.ic.coso.org). If you’re wondering what this model is, you probably work for a privately held corporation or a non-profit, or are very new to internal audit.
Protiviti has published the second edition of its popular booklet, Guide to the Sarbanes-Oxley Act: IT Risks and Controls.
This publication is the definitive resource guide on IT risks and control issues related to compliance with SOX Section 404. It is a 45-page booklet covering an array of SOX-related topics in a question-and-answer format.