sarbanes oxley 404 | Compliance Sarbanes Oxley

May 12

Can anyone tell me WHERE in the Sarbanes-Oxley Act of 2002 it says that programmers cannot touch production systems? I know SOX 404 speaks to an internal IT control framework, but I cannot find where it specifically requires by law that programmers not have access to production systems (db servers, etc). I do not argue the validity of this being "best practice", however I doubt it is "against the law".

Programmers being on production systems is not contrary to SOX compliance. That would be an unreasonable expectation given that programmers often need to fix production code or applications on-the-fly. Companies could potentially end up losing so much money they would fight tooth-and-nail to keep such a thing from being illegal. There is a recognized need for programmers to be in production, especially in emergency situations.

That being said, as you stated, it is not best practice to have programmers in production on a regular basis. That is what development and testing environments are for during the pre-production process. Production is not the place for programmers to test or develop their code.

May 10

Sarbanes-Oxley Act of ‘02 – Section 404?

What does Section 404 require of management’s internal control report?

It requires that management institute and monitor internal controls are adequate to ensure accurate financial reporting and to reduce financial risk. Very complex rules and many accounting practices have gotten rich helping corporations get compliant. Get expert assistance–this forum is inadequate for this purpose.

Dec 1

Closing the Auditing Loop on Back-Door Group Policy Changes

See how LT Auditor+ effectively monitors a little known back-door method for making changes to Windows Group Policy.

Duration : 0:2:20

Read the rest of this entry »

Technorati Tags: 404, auditing, Compliance, computer, ffiec, glba, group, HIPAA, it, policy, sarbanes oxley, Security

Nov 29

20091103 Debate on Rep Garrett’s SOX Amendment 2

Debate on Rep. Garrett’s Sarbanes-Oxley Amendment that Garrett and Rep. Adler offered today to the Investor Protection Act of 2009.

The amendment text mirrors legislation Rep. Garrett introduced earlier this year exempting small businesses from Section 404(b) of the Sarbanes-Oxley (SOX) Act of 2002. Garretts bill, the Small Business SOX Compliance Relief Act is aimed at permanently exempting small businesses (non-accelerated filers) from the burdensome reporting requirements contained within Section 404(b)of the SOX Act. Although the stated intent of Sarbanes-Oxley was to provide investor confidence in our markets through greater accountability and disclosure, the Act has had the unintended effect of creating undue—and often unbearable—burdens on small businesses, Garrett said. It is diverting valuable resources away from other legitimate business needs; creating massive and tedious documentation requirements; and discouraging the public listing of both international and domestic companies on U.S. markets. Honest companies are being punished and the U.S. economy will suffer as a result. Especially now, as our country struggles to emerge from a recession, the last thing American small businesses need is another barrier to economic stabilization. My legislation would free small businesses from onerous regulations and allow them to return their focus and their resources to creating jobs for unemployed Americans and innovating for our economy. The Securities and Exchange Commission (SEC) has repeatedly extended the deadline for non-accelerated filers to begin providing audited assessments of their internal controls over financial reporting, an acknowledgement of continued concern about compliance costs. Although reforms were made in 2007 to relax the guidelines for smaller companies, businesses of all sizes still report excessive compliance costs, as noted in an SEC report from September 2009 . In summarizing survey responses from businesses regarding the benefits of Section 404 compliance, the SEC wrote, [A] majority felt that the costs of compliance outweighed the benefits. This was especially true among smaller companies. Regarding the intended decrease in compliance costs following the 2007 reforms, a George Washington University study found that the decrease in audit costs following Auditing Standard No. 5 was not statistically significant . As a result, even following the 2007 reforms, Section 404 of SOX will continue to subject small businesses to overly burdensome fees. The extra requirements of Section 404 increase costs to small companies significantly. Section 404 adds external consulting costs, including legal fees, and substantially increases the audit and attestation fees for these companies. Research by NASDAQ shows that the burden of compliance, on a percentage of revenue basis, is 11 times greater for small companies . This creates an unfair competitive advantage for larger companies. In addition to having an effect on individual businesses, SOX Section 404 may have a dramatic effect on the competitiveness of U.S. capital markets, as the high cost of compliance has the potential to cause public companies to go private, or prevent private companies from going public. Of the small companies surveyed by the SEC, 70 percent reported they had considered going private to avoid subjecting themselves to Section 404 requirements . Additionally, Section 404 requirements may cause foreign companies to delist from U.S. exchanges. Among SEC survey respondents, 77 percent of small foreign firms considered delisting. When businesses have been conducting their affairs within the confines of pre-SOX law and acting with integrity it is reflected in the trust of their shareholders and the strength of the market, said Garrett. There is a place for Federal oversight, but the weighty cost of compliance under Section 404 is slowly strangling small businesses. I believe my legislation will lessen the burden Section 404 unnecessarily imposes on U.S. small businesses, while continuing to bolster confidence in the integrity of publicly held companies.

Duration : 0:5:16

Read the rest of this entry »

Technorati Tags: 2, 20091103, Amendment, Debate, Garrett's, on, Rep, SOX

Nov 24

20091103 Debate on Rep Garrett’s SOX Amendment 1

Debate on Rep. Garrett’s Sarbanes-Oxley Amendment that Garrett and Rep. Adler offered today to the Investor Protection Act of 2009.

Duration : 0:9:47

Read the rest of this entry »

Technorati Tags: 1, 20091103, Amendment, Debate, Garrett's, on, Rep, SOX

Nov 24

M 404

Duration : 20 min 52 sec

Read the rest of this entry »

Technorati Tags: humour

Nov 22

Services

Amper is not your usual accounting firm. Our employees are extremely diverse in their education and business sense so we can provide you with the best possible services imaginable. Because of the fast paced movement in technology, we can provide you the assistance you need to stay ahead of the game.

Accounting Services and Auditing & Assurance enables an overall view of your entire operation.

Economic Response Services is a specialized service for companies adversely affected by the economic downturn. Their purpose is to help companies manage cash flow and tax positions for increased stability and to assist companies with business advice to better manage working capital, debt and capital restructuring.

Public Companies Accounting & Auditing Services. Amper is listed as 9th among public company auditors in the 2005 edition of “Who Audits America.” We audit 30 public companies with combined revenues of $5.5 billion and provide additional services to another 75. Among these services are: Sarbanes-Oxley Section 404, Internal Audit (Outsourced, Co-Sourced), Corporate Executive Taxes, Net Operating Loss Studies, Earnings & Profit Studies, R&D Tax Credits, Pension Plan Audits, IT Governance, M&A Advisory and Due Diligence

The Internal Audit role has become more strategic in nature and has garnered a higher profile within companies. Most recently, audit department resources have been stretched due to the demands placed on them to support management with sarbanes oxley 404 and 302 compliance activities.

Sarbanes-Oxley compliance requires a comprehensive and integrated risk-based approach to SOX compliance that is designed to support the internal control and financial statement assertion requirements mandated by the SOX act.

The AICPA SAS No. 70 standard requires a significant amount of professional judgment and skill in the process of preparing the SAS 70 report.

Technology related risk is pervasive in your business, and effective strategies and solutions to manage technology risk have to be based on a holistic view of your business and the ability to understand your business operations, services, goals and objectives.

Employee Benefit Plan audits is a very specialized and unique service. Amper has the experience required to efficiently and accurately perform audits of all types of employee benefit plans including defined contribution plans, defined benefit plans and welfare benefit plans.

Our Litigation & Valuation team of consultants provides superior, specialized services to attorneys in various areas of litigation support, including Business Valuation, Forensic Accounting, Fraud Investigation.

Amper Financial is an extension of our Tax Department that addresses the financial planning, investment, & insurance needs of our clients.

Our tax and audit specialists work in tandem to continually review our clients’ situations for new opportunities in light of changing federal and state income, sales & use tax laws and import and customs regulations.

Duration : 0:0:24

Read the rest of this entry »

Technorati Tags: Mulhare, Tom, www.amper.com;

Nov 21

Dailymotion 404 Page Not Found Marathon

The social video sharing website Dailymotion.com uses consumer generated short videos that represent a video version of the web browsers error page "Page not Found" (Error Code 404) in their actual 404 Page Not Found Error page.

There exist by now over 150 of those movies, 67 of them are shown in this video. Correction, its actually 65 unique videos only.

Two videos are shown twice. Find out which those two are. Each video is numbered, so it is easy for you to say which ones the dupes are. You can post the answer here in the comments (don't cheat and look at comments that might already exist)

You can download this video in AVI format at http://www.mediafire.com/?oyyozdj4nm5

Cheers!
Carsten
http://www.cumbrowski.com/

Duration : 10 min

Read the rest of this entry »

Technorati Tags: 404

Nov 19

SOX 5th Anniversary – Senator Paul Sarbanes

Senator Paul Sarbanes speaks at the 5th Anniversary event commemorating the passage of the Sarbanes-Oxley Act in 2002. He reviews the the changes that have occured since, and talks about many of the benefits resulting from the provisions of the law. He also discusses the principles of Section 404 and need to modify implementation