Q. What is Sarbanes-Oxley? A. The Sarbanes-Oxley Act of 2002 (also known as the Public Company Accounting Reform and Investor Protection Act of 2002 and commonly called SOX, S-Ox or Sarbox; enacted July 30, 2002) is a controversial United States federal law named after its sponsors, Senator Paul Sarbanes (D-Md.) and Representative Michael G. Oxley (R-Oh.). The Act was approved by the House by a vote of 423-3 and by the Senate 99-0. The legislation establishes new or enhanced standards for all U.S. public company boards, management, and public accounting firms. The Act contains 11 titles, or sections, ranging from additional Corporate Board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the new law. The first part of the Act establishes a new quasi-public agency, the Public Company Accounting Oversight Board, which is charged with overseeing, regulating, inspecting, and disciplining accounting firms in their roles as auditors of public companies. The Act also covers issues such as auditor independence, corporate governance, internal control assessment, and enhanced financial disclosure.

Q. What companies does SOX apply to? A. Any company governed by the Securities and Exchange Commission (SEC), which includes all publicly traded companies together with all of their divisions and wholly owned subsidiaries, must comply with Sarbanes-Oxley. In addition, Sarbanes-Oxley also applies to any non-US public multinational company engaging in business in the US.

Q. Why was SOX implemented? A. The law was passed in response to a number of major corporate and accounting scandals, including those affecting Enron, Tyco International and WorldCom. These scandals resulted in a decline of public trust in accounting and financial reporting practices.

Q. What are the penalties for noncompliance with SOX? A. Corporate noncompliance with earlier government regulations, such as occupational health and safety rules in the workplace (OSHA requirements), resulted in corporate fines, lawsuits and negative publicity. Noncompliance with Sarbanes-Oxley regulations is punished more harshly. A CEO or CFO who submits a wrong certification is subject to a fine of up to $1 million and imprisonment for up to 10 years. If the wrong certification is submitted "willfully," the fine can be increased up to $5 million and the prison term can be increased up to 20 years.

Q. What is S-Ox 404? A. Section 404 of the Sarbanes-Oxley Act relates to management's assessment of internal control over financial reporting. Both management and the external auditor are responsible for performing their assessment in the context of a top-down risk assessment, which requires management to base both the scope of its assessment and the evidence gathered on risk. Acquisitions of companies into a larger public entity.

Q. What does SOX 404 have to do with information technology? A. The financial reporting processes of most organizations are driven by IT systems. Few companies manage their data manually; most rely on electronic management of data, documents, and key operational processes. Therefore, IT plays a vital role in internal control. Chief information officers are responsible for the security, accuracy and reliability of the systems that manage and report the financial data. Systems such as ERP (Enterprise Resource Planning) are deeply integrated in the initiating, authorizing, processing, and reporting of financial data. As such, they are inextricably linked to the overall financial reporting process and need to be assessed, along with other important processes, for compliance with the Sarbanes-Oxley Act. So, although S-Ox signals a fundamental change in business operations and financial reporting, and places responsibility for corporate financial reporting on the chief executive officer (CEO) and chief financial officer (CFO), the chief information officer (CIO) plays a significant role in management's assessment of internal control under Section 404 and in supporting the financial statement certification process.

Q. When do companies have to be compliant with S-Ox? A. For non-accelerated filers (registered companies with a market cap of $75 million or less), the implementation date for complying with the reporting requirements regarding management's evaluation of internal controls has changed several times. In December 2006, the Securities and Exchange Commission (SEC) issued its most recent final regulation, which states:
• a non-accelerated filer must include its management report on internal control over financial reporting for fiscal years ending on or after December 15, 2007;
• a non-accelerated filer is required to file its auditor's attestation report on internal control over financial reporting when it files its annual report for fiscal years ending on or after December 15, 2008.
In addition, the SEC has amended its filing requirements regarding the reporting on internal control for newly public companies. Under the new amendments, a company will not be required to include its report on internal controls until the year following its first annual report.

Q. What is the SEC? A. The United States Securities and Exchange Commission (commonly known as the SEC) is a United States government agency having primary responsibility for enforcing the federal securities laws and regulating the securities industry/stock market. The SEC was created by section 4 of the Securities Exchange Act of 1934 (now commonly referred to as the 1934 Act). In addition to the 1934 Act that created it, the SEC enforces the Securities Act of 1933, the Trust Indenture Act of 1939, the Investment Company Act of 1940, the Investment Advisers Act of 1940, the Sarbanes-Oxley Act of 2002 and other statutes. Christopher Cox is the current chairman of the SEC.

Q. What is GAAP? A. Generally Accepted Accounting Principles (GAAP) is the standard framework of guidelines for financial accounting. It includes the standards, conventions, and rules accountants follow in recording and summarizing transactions, and in the preparation of financial statements.

Q. What is FASB? A. The Financial Accounting Standards Board (FASB) is a private, not-for-profit organization whose primary purpose is to develop generally accepted accounting principles (GAAP) within the United States in the public's interest. The Securities and Exchange Commission (SEC) designated the FASB as the organization responsible for setting accounting standards for public companies in the U.S. It was created in 1973, replacing the Accounting Principles Board and the Committee on Accounting Procedure of the American Institute of Certified Public Accountants. The FASB's mission is "to establish and improve standards of financial accounting and reporting for the guidance and education of the public, including issuers, auditors, and users of financial information."

Q. What is COSO? A. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a U.S. private-sector initiative, formed in 1985. Its major objective is to identify the factors that cause fraudulent financial reporting and to make recommendations to reduce its incidence. COSO has established a common definition of internal controls, standards, and criteria against which companies and organizations can assess their control systems. COSO is sponsored and funded by five main professional accounting associations and institutes: the American Institute of Certified Public Accountants (AICPA), the American Accounting Association (AAA), the Financial Executives Institute (FEI), The Institute of Internal Auditors (IIA) and The Institute of Management Accountants (IMA).

Q. What is the PCAOB? A. The Public Company Accounting Oversight Board (or PCAOB) (sometimes called "Peekaboo") is a private-sector, non-profit corporation created by the Sarbanes-Oxley Act, a 2002 United States federal law, to oversee the auditors of public companies. Its stated purpose is to "protect the interests of investors and further the public interest in the preparation of informative, fair, and independent audit reports."

Q. What is AS5? A. The recently released Auditing Standard No. 5 of the Public Company Accounting Oversight Board (PCAOB), which superseded Auditing Standard No. 2, has the following key requirements for the external auditor:
• Assess both the design and operating effectiveness of selected internal controls related to significant accounts and relevant assertions, in the context of material misstatement risks;
• Understand the flow of transactions, including IT aspects, sufficiently to identify points at which a misstatement could arise;
• Evaluate company-level (entity-level) controls, which correspond to the components of the COSO framework;
• Perform a fraud risk assessment;
• Evaluate controls designed to prevent or detect fraud, including management override of controls;
• Evaluate controls over the period-end financial reporting process;
• Scale the assessment based on the size and complexity of the company;
• Rely on management's work based on factors such as competency, objectivity, and risk;
• Evaluate controls over the safeguarding of assets; and
• Conclude on the adequacy of internal control over financial reporting.
