One of the most talked about regulations these days is obviously Sarbanes-Oxley. Below is a quick summary of Section 302 and 404. Remember, if you are a CEO or CFO, don’t screw up. Otherwise you will be fined up to $1 million and/or up to 10 years in jail.
Section 302
Proper documentation and disclosure of the controls and procedures
certifying officers (financial officers)
authorized, complete and accurate
Section 404
requires the mgmt of the public companies to assess the effectiveness of the organization’s internal control over financial reporting
requires annual review and assessment of the effectiveness of the internal controls
requires a company’s independent auditor to attest to mgmt’s assessment of its internal control over financial reporting
internal controls
- records are logged in reasonable details, accurate and reflect the transactions
- assurance that transactions are being recorded
- assurance that prevention or timely detection of unauthorized acquisition, use of disposition of the assets that could have a material effect on the financial statements
ated that an ineffective control environment should be regarded as atleast a significate deficiency and as a strong indicator that a material weakness in inernal control over financial reporting exists.
the IT control environment includes the IT governance process, monitoring and reporting. The IT governance process includes the information systems strategic plan, the IT risk management process, compliance and regulatory management, IT policies, procedures and standards. Monitoring and reporting are required to ensure IT is aligned with business requirements.
Building a strong internal control program within IT can help to:
- enhance overall IT governance
- enhance the understanding of ITamong executives
- make better business decisions with higher-quality, more timely information
- align project initiatives iwth business requirements
- prevent loss of intellectual assets and the possibility of system breach
- contribute to the compliance of other regulatory requirements, such as privacy
- gain competitive advantage through more efficient and effective operations
- optimize operations with an integrated approach to security, availability and processing integrity
- enhance risk management competencies and prioritization of initiatives
Last Modified: Wednesday, October 27th, 2004 @ 09:43
This entry was posted
on Sunday, October 10th, 2004 at 9:42 am and is filed under Compliance.
You can follow any responses to this entry through the RSS 2.0 feed.
Responses are currently closed, but you can trackback from your own site.
I saw that Prevari was doing some free focus groups related to Sarbanes Oxley. Maybe it’s worth checking out.
http://www.prevari.com/registration.htm