May 19

What accounting issues does the Sarbanes-Oxley Act of 2002 address? How do the act’s provisions change the behavior of senior corporate executives and accounting professionals? Do you think this is an effective solution or will it create additional paperwork?

The passage of the Sarbanes-Oxley Act and actions by the U.S. Securities and Exchange Commission imposed new requirements on auditors, corporate boards and management. The Board must adopt an audit standard to implement the internal control review required by section 404(b). This standard must require that the auditor evaluate whether the internal control structure and procedures include records that accurately and fairly reflect the transactions of the issuer, provide reasonable assurance that the transactions are recorded in a manner that will permit the preparation of financial statements in accordance with GAAP, and a description of any material weaknesses in the internal controls.

The Act’s provisions ensure that senior corporate executives and accounting professionals are kept on their toes as they have to make periodic certifications that:
• The signing officers have reviewed the report
• The report does not contain any material untrue statements or material omission or be considered misleading
• The financial statements and related information fairly present the financial condition and the results in all material respects
• The signing officers are responsible for internal controls and have evaluated these internal controls within the previous ninety days and have reported on their findings
• A list of all deficiencies in the internal controls and information on any fraud that involves employees who are involved with internal activities
• Any significant changes in internal controls or related factors that could have a negative impact on the internal controls

It will require more documentation and certainly incur a lot of cost.

May 12

Can anyone tell me WHERE in the Sarbanes-Oxley Act of 2002 it says that programmers cannot touch production systems? I know SOX 404 speaks to an internal IT control framework, but I cannot find where it specifically requires by law that programmers not have access to production systems (db servers, etc). I do not argue the validity of this being "best practice", however I doubt it is "against the law".

Programmers being on production systems is not contrary to SOX compliance. That would be an unreasonable expectation given that programmers often need to fix production code or applications on-the-fly. Companies could potentially end up losing so much money they would fight tooth-and-nail to keep such a thing from being illegal. There is a recognized need for programmers to be in production, especially in emergency situations.

That being said, as you stated, it is not best practice to have programmers in production on a regular basis. That is what development and testing environments are for during the pre-production process. Production is not the place for programmers to test or develop their code.

May 10

What does Section 404 require of management’s internal control report?

It requires that management institute and monitor internal controls that are adequate to ensure accurate financial reporting and to reduce financial risk. Very complex rules and many accounting practices have gotten rich helping corporations get compliant. Get expert assistance–this forum is inadequate for this purpose.

May 7

What does a new information system cost? How long does it take to install? What do IT workers make per hour? What’s it take to maintain compliance?
I want figures!!!
Please Help!!!

This is a hugely complicated question, because it depends on the size and complexity of the information system you need. An information system can easily cost hundreds of millions of dollars if it requires a great deal of development time, or if overruns or design changes require extra work.

The install time depends on:
* the size and complexity of the system
* how well the organization works with the developers to design the system
* whether the initial development can proceed without a redesign (i.e. – whether they get halfway and realize that the initial design was utterly flawed)
* whether the organization changes their mind about what they want
* whether the organization changes their technology requirements in the middle of development.

IT workers can make from $10/hour for help desk to hundreds of dollars per hour for hiring an expert after hours for an emergency. It depends on whether you’re hiring internal workers or contractors, their experience, and what skills you are hiring for.

Finally, it’s hard to plan for future costs of maintaining compliance, because that would require knowing what changes lawmakers and/or government oversight commissions would want. It can be as cheap as merely maintaining your system, or as expensive as finding out you need a whole new system.

May 5

A 10-count $100 million dollar federal whistleblower lawsuit against Fidelity National Information Services on October 16, 2008 Case No 3:08-cv-986-J-34HTS was filed in the Middle District of United States District Courts Jacksonville Division. In the Amended Complaint, Lofton acknowledges ten separate Claims: First Claim – Employment Discrimination: Race; Second Claim – Failure to Prevent Discrimination; Third Claim – Retaliation; Fourth Claim – Encouraging violation of the FCRA; Fifth Claim – Negligent Hiring, Retention and Supervision; Sixth Claim – Violation of Gramm-Leach-Bliley Act and Sarbanes-Oxley Act; Seventh Claim – Wrongful Termination in Violation of Public Policy and the Whistle Blower Act; Eighth Claim – Negligence Defamation; Ninth Claim – Negligent Infliction of Emotional Distress; and Tenth Claim – Intentional Infliction of Emotional Distress. In his complaint Lofton alleges that he was terminated on October 11, 2007 after he reported the violations of company and client policies on August 22, 2007. It is Lofton’s complaint that he was denied the right to work from home on or around July 2007 or before a non African American was allowed to do so. Lofton has alleged that his supervisor verbally assaulted him on August 24, 2007 after he reported the security compliance breaches. It is Lofton’s argument that he was the recipient of disparate treatment from July of 2007 until his termination. Has anyone been fired by Fidelity?

I’ve not heard any update on this lawsuit. I believe managers should be held accountable for their actions.

May 3

federal regulators, bank provide records relating to their anti-money-laundering compliance or their customers?
a. Gramm-Leach-Bliley Act
b. Sarbanes-Oxley Act
c. Bank Secrecy Act
d. USA PATRIOT ACT

d.

It’s covered by Title III of the USA PATRIOT ACT