#1.1 DropDownMenuX example 1

SOX

Definition

Sarbanes-Oxley, or SOX, or sometimes called Sarbox, established new and enhanced accounting and reporting standards for public U.S. companies.

This has led to many new reporting and auditing requirements for application development teams that make software that involve company revenue generation, reporting, customer information and accounting.

History

The Sarbanes-Oxley Act of 2002 was passed in response to several major corporation's accounting scandals, such as Enron, Tyco International and WorldCom and the Dot com bust.

These scandals were eroding the public trust of corporate accounting and creating a stock market nightmare for investors. The government wanted to quell this rising tide of no-confidence by overwhelming approving the Sarbanes-Oxley Act.

SOX-Section 404

Assessment of Internal Control requires companies to prove they have control and accuracy of their financial reporting. Section 404 requires each public company to include in their annual report the following list.

  • A statement of management's responsibility for establishing and maintaining adequate internal control over financial reporting for the company

  • A statement identifying the framework used by management to evaluate the effectiveness of internal control

  • Management's assessment of the effectiveness of internal control as of the end of the company's most recent fiscal year

  • Disclosure of material weaknesses (A material weakness is a significant deficiency or combination of significant deficiencies that result in more than a remote likelihood that a material misstatement will not be prevented or detected.)

  • A statement that its auditor has issued an attestation report on management's assessment

    Auditor's Attestation

    There are two Auditor objectives in the SOX-Audit.

  • The Auditor needs to state an opinion on whether the financial statements are fairly stated

    Passing the Audits

    Proving that companies have internal controls in place that protect customer information and accurate report financial information are at the heart of the audits.

    Development teams that have sound software development process and follow SCM best practices have found that most of these reporting and auditing processes and procedures to already be in place. It is just a matter of running reports and documenting the audit trail

    However, some organization's development teams that have little to no processes in place have found these new reporting and auditing requirements to be quite invasive and painful to meet. Not only are they struggling with providing audit reports, they are having to create processes that support the accuracy of these reports.

    For many organizations, this is no small feat.

    Solution

  • Create and document a source code access process and follow it.

  • Periodically, review the users who have access, make the required modifications and show the audit trail.

    Links

    Sunny Portugal

    • Custom Search
    North Fork Virgin Zion National Park

    XML RSS
    What is this?
    Add to My Yahoo!
    Add to My MSN
    Add to Google

    Stone Bridge Gascogne

    ADD TO YOUR SOCIAL BOOKMARKS: add to BlinkBlink add to Del.icio.usDel.icio.us add to DiggDigg
    add to FurlFurl add to GoogleGoogle add to SimpySimpy add to SpurlSpurl Bookmark at TechnoratiTechnorati add to YahooY! MyWeb


    © Copyright 2007 - 2008

    Page copy protected against web site content infringement by Copyscape

    Return to top