This has led to many new reporting and auditing requirements for application development teams that make software that involve company revenue generation, reporting, customer information and accounting.

History

The Sarbanes-Oxley Act of 2002 was passed in response to several major corporation's accounting scandals, such as Enron, Tyco International and WorldCom and the Dot com bust.

These scandals were eroding the public trust of corporate accounting and creating a stock market nightmare for investors. The government wanted to quell this rising tide of no-confidence by overwhelming approving the Sarbanes-Oxley Act.

SOX-Section 404

Assessment of Internal Control requires companies to prove they have control and accuracy of their financial reporting. Section 404 requires each public company to include in their annual report the following list.

A statement of management's responsibility for establishing and maintaining adequate internal control over financial reporting for the company

A statement identifying the framework used by management to evaluate the effectiveness of internal control

Management's assessment of the effectiveness of internal control as of the end of the company's most recent fiscal year

Disclosure of material weaknesses (A material weakness is a significant deficiency or combination of significant deficiencies that result in more than a remote likelihood that a material misstatement will not be prevented or detected.)

A statement that its auditor has issued an attestation report on management's assessment

Auditor's Attestation

There are two Auditor objectives in the SOX-Audit.

The Auditor needs to state an opinion on whether the financial statements are fairly stated

Passing the Audits

Proving that companies have internal controls in place that protect customer information and accurate report financial information are at the heart of the audits.

Development teams that have sound software development process and follow SCM best practices have found that most of these reporting and auditing processes and procedures to already be in place. It is just a matter of running reports and documenting the audit trail

However, some organization's development teams that have little to no processes in place have found these new reporting and auditing requirements to be quite invasive and painful to meet. Not only are they struggling with providing audit reports, they are having to create processes that support the accuracy of these reports.

For many organizations, this is no small feat.

Solution

Create and document a source code access process and follow it.

Periodically, review the users who have access, make the required modifications and show the audit trail.

Links

Future SCM

SCM Tools have evolved from simple checkin and checkout tools to fully encompassing ALM products.

In addition to source code control, these tools now encapsulate change control, software builds, project management, item/defect tracking, and fully automated testing capabilities.

What direction will SCM take in the future?

Make Your Opinion Known!

Take our SCM Salary Survey

This is a collection salaries of SCM Professionals of different backgrounds, education, experiences and locations

Please add your information to the collection

To Participate

SCMWise.com Blog great free widgetsWidgetbox

August 2009
March 2009
August 2008

Survey of SCM Salaries

What are other SCM Professionals making?

Interested???

SCM