Sep 3


Many companies feel that Sarbox requires a holistic look at business and IT infrastructure, starting with financial processes and reaching back to the operational processes that promote them. Any investments made towards Sarbox compliance should also improve the business and provide a return on investment (ROI). Fortunately, many of the companies who have already implemented new processes and procedures to ensure compliance now have the opportunity to improve upon their original efforts by using identity management to automate many of those processes. This paper discusses how identity management technology is ideally suited to automating processes that enable Sarbox compliance.

Aug 25

How has Sarbanes-Oxley impacted corporate governance? In your opinion, which provision of Sarbanes-Oxley is most difficult for organizations to implement?

No idea; it's jargon to me.

Jul 15

What business events was this Act passed by Congress in response to? Do you think this will help or hurt the business environment?

First of all – who is impacted by SOX (the Sarbanes-Oxley Act)? Any company that is publicly held – a company that has shares to buy on any American stock exchange. If you are a sole proprietor, a partnership, or an LLC, you don't legally need to comply – but many of the ideas behind the Act are just good business practices. Any foreign-based company that sells on any American stock exchange also has to follow the SOX Act, though they had a little more time to get their testing in place.

After the Enron, WorldCom, Arthur Andersen messes, etc., the government stepped in to protect the investors – and especially to protect employees' pension funds. They didn't want to see a group like the out-of-work Enron employees who didn't even have a pension left.

So – in their wisdom, they came up with the SOX Act. What is required by this Act is a series of self-tests that make sure that all the i's are dotted and the t's crossed in a legal way that follows the GAAP (Generally Accepted Accounting Procedures) rules.

This set of tests has to be submitted to the SEC (Securities and Exchange Commission), approved, and religiously followed. Companies are subject to audit of their SOX testing and compliance. I am not sure what the fines and penalties are that are assessed – and the company I work for set out not to find this out. We have numerous tests, we self-audit on a monthly basis, and so far we have kept the SEC happy. If you are a publicly traded company, it would be totally stupid to disregard this Act.

May 19

What accounting issues does the Sarbanes-Oxley Act of 2002 address? How do the act’s provisions change the behavior of senior corporate executives and accounting professionals? Do you think this is an effective solution or will it create additional paperwork?

The passage of the Sarbanes-Oxley Act and actions by the U.S. Securities and Exchange Commission imposed new requirements on auditors, corporate boards and management. The Board must adopt an audit standard to implement the internal control review required by section 404(b). This standard must require that the auditor evaluate whether the internal control structure and procedures include records that accurately and fairly reflect the transactions of the issuer, provide reasonable assurance that the transactions are recorded in a manner that will permit the preparation of financial statements in accordance with GAAP, and include a description of any material weaknesses in the internal controls.

The Act's provisions ensure that senior corporate executives and accounting professionals are kept on their toes, as they have to make periodic certifications that:
• The signing officers have reviewed the report
• The report does not contain any material untrue statements or material omissions and is not misleading
• The financial statements and related information fairly present the financial condition and the results in all material respects
• The signing officers are responsible for internal controls, have evaluated these internal controls within the previous ninety days, and have reported on their findings
• They have listed all deficiencies in the internal controls and any fraud that involves employees who are involved with internal activities
• They have disclosed any significant changes in internal controls or related factors that could have a negative impact on the internal controls

It will require more documentation and certainly incur a lot of cost.

May 12

Can anyone tell me WHERE in the Sarbanes-Oxley Act of 2002 it says that programmers cannot touch production systems? I know SOX 404 speaks to an internal IT control framework, but I cannot find where it specifically requires by law that programmers not have access to production systems (DB servers, etc.). I do not argue the validity of this being "best practice"; however, I doubt it is "against the law".

Programmers being on production systems is not contrary to SOX compliance. That would be an unreasonable expectation, given that programmers often need to fix production code or applications on the fly. Companies could potentially end up losing so much money that they would fight tooth and nail to keep such a thing from being illegal. There is a recognized need for programmers to be in production, especially in emergency situations.

That being said, as you stated, it is not best practice to have programmers in production on a regular basis. That is what development and testing environments are for during the pre-production process. Production is not the place for programmers to test or develop their code.

May 10

What does Section 404 require of management’s internal control report?

It requires that management institute and monitor internal controls that are adequate to ensure accurate financial reporting and to reduce financial risk. The rules are very complex, and many accounting practices have gotten rich helping corporations get compliant. Get expert assistance; this forum is inadequate for this purpose.

May 7

What does a new information system cost? How long does it take to install? What do IT workers make per hour? What’s it take to maintain compliance?
I want figures!!!
Please Help!!!

This is a hugely complicated question, because it depends on the size and complexity of the information system you need. An information system can easily cost hundreds of millions of dollars if it requires a great deal of development time, or if overruns or design changes require extra work.

The install time depends on:
* the size and complexity of the system
* how well the organization works with the developers to design the system
* whether the initial development can proceed without a redesign (i.e., whether they get halfway and realize that the initial design was utterly flawed)
* whether the organization changes their mind about what they want
* whether the organization changes their technology requirements in the middle of development.

IT workers can make from $10/hour for help desk to hundreds of dollars per hour for hiring an expert after hours for an emergency. It depends on whether you’re hiring internal workers or contractors, their experience, and what skills you are hiring for.

Finally, it's hard to plan for future costs of maintaining compliance, because that would require knowing what changes lawmakers and/or government oversight commissions will want. It can be as cheap as merely maintaining your system, or as expensive as finding out you need a whole new system.

May 5

A 10-count, $100 million federal whistleblower lawsuit against Fidelity National Information Services, Case No. 3:08-cv-986-J-34HTS, was filed on October 16, 2008 in the Middle District of the United States District Courts, Jacksonville Division. In the Amended Complaint, Lofton acknowledges ten separate Claims: First Claim – Employment Discrimination: Race; Second Claim – Failure to Prevent Discrimination; Third Claim – Retaliation; Fourth Claim – Encouraging Violation of the FCRA; Fifth Claim – Negligent Hiring, Retention and Supervision; Sixth Claim – Violation of the Gramm-Leach-Bliley Act and Sarbanes-Oxley Act; Seventh Claim – Wrongful Termination in Violation of Public Policy and the Whistle Blower Act; Eighth Claim – Negligence Defamation; Ninth Claim – Negligent Infliction of Emotional Distress; and Tenth Claim – Intentional Infliction of Emotional Distress. In his complaint, Lofton alleges that he was terminated on October 11, 2007, after he reported violations of company and client policies on August 22, 2007. It is Lofton's complaint that he was denied the right to work from home in or around July 2007, before a non-African American was allowed to do so. Lofton has alleged that his supervisor verbally assaulted him on August 24, 2007, after he reported the security compliance breaches. It is Lofton's argument that he was the recipient of disparate treatment from July of 2007 until his termination. Has anyone been fired by Fidelity?

I’ve not heard any update on this lawsuit. I believe managers should be held accountable for their actions.

May 3

Under which act must a bank provide federal regulators with records relating to its anti-money-laundering compliance or its customers?
a. Gramm-Leach-Bliley Act
b. Sarbanes-Oxley Act
c. Bank Secrecy Act
d. USA PATRIOT Act

d.

It's covered by Title III of the USA PATRIOT Act.

Apr 29

• Managed Warehouse Tracking Project, consisting of an RF scanning location solution

Created the General and Functional Requirements Specifications. Coordinated the project and trained the VP of Logistics, a 3rd-party consultant and the warehouse users. Utilized the PSC Radio Frequency and Wireless Internet Browser Technologies.

• Managed E-Commerce Allocation and Shipping Project

Created the General and Functional Requirements Specifications. Coordinated the project and trained the Director of E-Commerce, the Fulfillment Managers, a 3rd-party consultant and the e-commerce users. Implemented the Automated Packaging Systems and Internet Browser Technologies.

• Managed Sarbanes-Oxley Oracle Database Project

Created a Retek User Identity Profile to understand and communicate system accessibility for SOX compliance. Coordinated the project with all of the Retek users, the Database Administrator and the Development Team. All modifications were made to the Retek Enterprise System.

I’m not in your field, so I can only give generic advice based on my opinion and things I’ve been taught.

Remember: The resume does not get you the job! The resume is to get you an interview!

You only need enough detail in your resume to prove that you are qualified for the position. Usually this doesn’t require listing every single technology or product you’ve worked with, but it depends on the field. Certainly you don’t need to list every job you’ve ever had, only the most significant/relevant ones!

Be spare with your bullet points and descriptions. Nobody’s going to read everything you’ve got up there. Put in just enough info to describe the nature of the position you held. Focus only on one or two points of experience from that position which are most applicable to the job you’re applying for!

You want impact in your resume. It’s not an autobiography, it’s an advertisement.

Trim it down so someone scanning with their eyes sees enough to say to themselves, "Yes, I’d like to meet this person."

Also, focus on one or two MAJOR accomplishments of your career, to showcase your best work (and ability to produce good work) and to provide a talking point the interviewer can use during the interview.

A resume should be one (1) page only, unless you’re in an industry that requires you to list your publications, patents held, or specific software/technique/certification credentials that may be a lengthy list on a second page.
