The Age of Compliance How Sarbanes-Oxley affects IT management

The Age of Compliance How Sarbanes-Oxley affects IT management

The Fall of Enron Filed for Bankruptcy December 2001 Accounting errors 600 million Special Purpose Entities (SPE) Andrew Fastow (CFO)

The Demise of Andersen Strong beginnings Role change for Accountants Increase in non-auditing services Cover-up WorldCom debacle Not alone on the corrupt auditing front

Sarbanes-Oxley Act Architects: – Senator Paul Sarbanes – Representative Michael Oxley July 30, 2002 – signed by President Bush

PCAOB Public Company Accounting Oversight Board All accounting firms must register 5 member board – 2 CPA’s – 3 non CPA’s First Chairman – William Webster Current Chairman – William McDonough

PCAOB Review existing standards Review attestation of internal controls Set new standards Authority to investigate and discipline

Auditor Independence Non-audit services for auditing clients are no longer allowed – Bookkeeping – IS design – Any other consulting services Rotate partners every 5 years No ex-audit team executives

Internal Audit Committee Not on the company bank roll Select and compensate auditor Oversee the audit Resolve issues between auditor and company

New Requirements for execs. Statement of appropriateness – Financial statements and disclosures Section 404 – Internal Control Report

Internal Control Report Management responsible for IC Assessment of effectiveness of IC If material weaknesses – Must disclose – Can’t issue internal control report Compliance dates – November 15, 2004 ( 75 million mkt caps) – April 15, 2003 ( 75 million mkt caps)

Disclosures Material Adjustments Off-Balance Sheet transactions Company – Executive transactions Financial expert on Audit Committee Code of Ethics

White Collar Crime Enhancement Keep audit papers and email 7 years Destroying files felony Securities Fraud – Statute of Limitations increased – Maximum imprisonment increased to 10 years “Whistleblower Protection”

White Collar Crime Enhancement Mail/wire fraud increased imprisonment SEC can prevent felons from exec. Positions SEC can stop oversized payments to officers Financial Statement fraud – 5 million – 20 years imprisonment

Pre Sarbanes-Oxley Flexibility Loosely defined policies Unsegregated responsibility

Initial Reactions [I] doubt if the CIO would even be interested -Patrick Kiernan; senior financial systems analyst Companies that don’t involve the CIO are simply missing the point of the legislation -Tom Patterson; KPMG senior manager

Forced Changes Role of CIO changes IT departments shift focus

Compliance Issues Infrastructure Software Storage Outsourcing

Infrastructure Issues Network integrity – Increased dependency on open IP network – IP guidelines are in an “embryonic state” Lack of security Policies

Steps in Addressing Infrastructure Issues Update financial transaction and reporting systems Document proper maintenance procedures Develop policies for making adjustments to financial systems

Software Aid in Compliance Developers include – – – – Oracle Redmond OpenPages Concur

Data Storage Develop written police for retaining and storing data Maintain records for seven years (recommended) – Three tiered approach

Outsourcing Use of service providers doesn’t reduce the responsibility of corporate executives from maintaining effective internal controls -Public Company Accounting Oversight Board

Evaluating Controls of Business Parrners SAS 70 – In-depth examination of internal controls – Service offered by accounting firms Satisfactory SAS 70 Type II Audit – Likely to meet Sarbanes-Oxley requirements – Mitigates Risk

Benefits Comapnaies with well run compliance processes enjoy share-price premiums, competitive advantages, improved moral, and reduced risk -Steven Lindseth; Chairman of Axentis Inc.

Costs Loss of control Loss of privacy Project delays

Career in a Compliance Driven Era Expanding opportunities – Systems auditing – Storage experts Skills That could give you a competitive advantage – – – – Understand control objectives Exhibit professional skepticism Comprehension of basic components of Sarbanes-Oxley Maintain a basic knowledge of accounting terminology and accounting systems