Sarbanes Oxley Act
Sarbanes Oxley Act
At this point in your academic career, you have probably studied the Sarbanes-Oxley Act (SOX) and the
impact that it has had on publicly traded companies. Because you probably have prior knowledge of
SOX, our discussion is limited to Sections 404 and 409 and their applicability to the study of AIS.
→ Section 404 of SOX, and PCAOB Auditing Standard No. 5 have meant changes for both auditors
and the companies that they audit. To comply with SOX, management must identify, document,
and evaluate significant internal controls. Auditors must, as part of an integrated audit of financial
statements, report on the effectiveness of the organization’s system of internal control. These
requirements represent significant expansions of the internal control-related roles of management
and auditors. These responsibilities are increasing at the same time that computer-based systems
are becoming more sophisticated, thus adding to the complexity of the systems of internal
control. It is important that you understand the systems in order to comply with SOX.
→ Section 409 of SOX requires disclosure to the public on a “rapid and current basis” of material
changes in an organization’s financial condition. Compliance with this section requires the
application of legal, financial, and technical expertise to ensure that the organization’s AIS is able
to produce financial data in a timely and accurate manner. Who else but the accountant, armed
with the latest knowledge of accounting and information technology, can ensure compliance with
these provisions of SOX?
The Sarbanes-Oxley Act is a federal law that enacted a comprehensive reform of business financial
practices. The 2002 Sarbanes-Oxley Act aims at publicly held corporations, their internal financial
controls, and their financial reporting audit procedures as performed by external auditing firms. The act
was passed in response to a number of corporate accounting scandals that occurred in the 2000–2002
period. This act, put into place in response to widespread fraud at Enron and other companies, set new
standards for public accounting firms, corporate management, and corporate boards of directors.
The Enron scandal is likely the largest, most complicated, and most notorious accounting scandal of all
time. Through deceiving accounting tricks, Enron Corporation – the US-based energy, commodities, and
services company – was able to trick its investors into thinking that the firm was doing much better than
it actually was.
1) CPAs must stay current with, embrace, and exploit technology for their benefit for increased
efficiency and expansion of services.
2) The profession must find solutions to offer investors and stakeholders up to date, real-time
financial information and to increase transparency.
3) CPAs must embrace mobile technologies and social media to modernize and enhance
interaction and collaboration with clients and colleagues
4) Fraud may be easier to commit and more difficult to prevent and detect. CPAs must continue
to be vigilant in ensuring data are captured and managed properly and protected from
malfeasance
→ Databases
- Your other accounting courses have emphasized accounting as a reporting function. The
full accounting cycle, however, includes data collection and storage, and these aspects
must become part of your knowledge base. In addition, important to a complete
understanding of AIS are the variety of databases, both private and public; the quantity
and type of data available in these databases; and methods of retrieving those data. To
perform analysis, to prepare information for management decision making, and to audit a
firm’s financial records, an accountant must be able to access and use data from public
and private databases.
→ Reporting
- To design reports generated by an information system, the accountant must know what
outputs are required or are desirable. Often, the user will prepare a report on an ad hoc
basis using powerful report-generating tools or a database query language. These reports
often support management decisions as well as fulfill certain reporting obligations.
→ Control
- Traditionally, accountants have been experts on controlling business processes. As a
practicing accountant, you will probably spend much of your time providing such
expertise. Consider how much more difficult it will be to control modern, complex
business processes. You must develop an understanding of control that is specific to the
situation at hand, yet is adaptable for the future.
→ Business operations
- Organizations engage in activities or operations, such as hiring employees, purchasing
inventory, and collecting cash from customers. An AIS operates in concert with these
business operations. Many AIS inputs are prepared by operating departments—the action
or work centers of the organization— and many AIS outputs are used to manage these
operations. Therefore, we must analyze and manage an AIS in light of the work being
performed by the organization.
→ Events processing
- As organizations undertake their business operations, events, such as sales and purchases,
occur. Data about these events must be captured and recorded to mirror and monitor the
business operations. The events have operational and AIS aspects. To design and use the
AIS, an accountant must know what event data are processed and how they are
processed.
→ Communications
- To present the results of their endeavors effectively, accountants must possess strong oral
and written communication skills.