Sox Compliance: Eleven Essential Controls For The Sme

1555 Words4 Pages
bulb-icon

Recommended: Sarbanes-oxley act critique

SOX Compliance: Eleven Essential Controls for the SME

Small to mid-sized enterprises (SMEs) can benefit from implementing control objectives for governance, compliance, and improved security. The Securities and Exchange Commission’s (SEC) recent Sarbanes-Oxley (SOX) announcement puts an end to several years of speculation, so SMEs must get on top of their control game.

Executive Summary

Sarbanes-Oxley (SOX) is here to stay for small to mid-sized enterprises (SMEs), which the Securities and Exchange Commission (SEC) defines as any publicly traded company with less than $75 million in market capitalization. Despite the fact that auditing standards have been adjusted for smaller organizations, many SMEs still need to prioritize and strengthen those internal IT controls that protect information assets.

The Information Systems Audit and Control Association (ISACA) is the organization that sets standards for auditing and grants certification to auditors. New studies from ISACA pinpoint the top controls that are the most important for SMEs. This research note discusses:

» The latest SOX developments in the SME space.

» Key findings from the ISACA study.

» Which tactics SMEs can use to satisfy internal IT controls.

SMEs must implement control objectives for compliance and improved security, but have limited means to do so. The ISACA study prioritizes the most important IT controls so that SMEs can get on top of their control game.

Optimization Point

Sarbanes-Oxley (SOX) was enacted in 2002 as an anti-fraud measure in the wake of large accounting scandals such as Enron and WorldCom. Until recently, the Securities and Exchange Commission (SEC) applied the same SOX auditing practices to all companies, regardless of their size, infrastructure, level of risk, or available resources. As long as it was publicly traded, whether the market cap was less than $75 million or more than $100 billion, the same auditing rules and standards applied for all companies.

Show More
Related

  • Smackey Dog Food Case Study

    2287 Words  | 5 Pages

    Arens, Alvin A., Elder, Randall J., and Beasley, Mark S. (2012). Auditing and Assurance Services:

    Read More

  • Internal Controls and the Sarbanes-Oxley Act

    782 Words  | 2 Pages

    The Sarbanes-Oxley Act of 2002 (SOX) was named after Senator Paul Sarbanes and Michael Oxley. The Act has 11 titles and there are about six areas that are considered very important. (Sox, 2006) The Sarbanes-Oxley Act of 2002 made publicly traded United States companies create internal controls. The SOX act is mandatory, all companies must comply. These controls maybe costly, but they have indentified areas within companies that need to be protected. It also showed some companies areas that had unnecessary repeated practices. It has given investors a sense of confidence in companies that have complied with the SOX act.

    Read More

  • Critique of the Effectiveness of the Sarbanes-Oxley Act

    2708 Words  | 6 Pages

    Sarbanes-Oxley Act, which contains 11 sections, was originally created by Senator Paul Sarbanes and Representative Michael Oxley in response to the several exposed accounting scandals, including WorldCom and Enron as the most prominent examples. As a result of these accounting scandals being exposed one after another, the confidence that investors had put in the capital markets collapsed overnight along with those companies that engaged in huge frauds. Sarbanes-Oxley Act of 2002 had been passed to redeem the reputation of the markets. With its stated purpose, which is “to protect investors by improving the accuracy and reliability of corporate disclosures,” SOX Act came into effect in 2004. However, the deadlines of compliance have been extended several times due to the significant costs incurred by companies’ compliance of the SOX Act. In addition to the dollar amount required to spend, another real cost that cannot be ignored. As stated by Peter Bible, the CAO of General Motors Corp, “having ...

    Read More

  • Events Leading Up to the The Sarbanes-Oxley Act

    1213 Words  | 3 Pages

    The Sarbanes-Oxley Act was enacted on July 30, 2002. It was enacted by the 107th United States Congress. It is named after sponsors U.S. Senator Paul Sarbanes and U.S. Representative Michael G. Oxley. It is also known as the ‘Public Company Accounting Reform and Investor Protection Act’ in the Senate and ‘Corporate and Auditing Accountability and Responsibility Act’ in the House. The main purpose of this act was to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes. This act was enacted as a result to a number of corporate and accounting scandals including those affecting Enron, Tyco internationals, Adelphia, Peregrine Systems, and WorldCom. The Securities Exchange Commission (SEC) adopted many rules in order to implement the Sarbanes-Oxley Act.

    Read More

  • Accounting Fraud, the Investor and the Sarbanes Oxley Act

    1981 Words  | 4 Pages

    Throughout the past several years major corporate scandals have rocked the economy and hurt investor confidence. The largest bankruptcies in history have resulted from greedy executives that “cook the books” to gain the numbers they want. These scandals typically involve complex methods for misusing or misdirecting funds, overstating revenues, understating expenses, overstating the value of assets or underreporting of liabilities, sometimes with the cooperation of officials in other corporations (Medura 1-3). In response to the increasing number of scandals the US government amended the Sarbanes Oxley act of 2002 to mitigate these problems. Sarbanes Oxley has extensive regulations that hold the CEO and top executives responsible for the numbers they report but problems still occur. To ensure proper accounting standards have been used Sarbanes Oxley also requires that public companies be audited by accounting firms (Livingstone). The problem is that the accounting firms are also public companies that also have to look after their bottom line while still remaining objective with the corporations they audit. When an accounting firm is hired the company that hired them has the power in the relationship. When the company has the power they can bully the firm into doing what they tell them to do. The accounting firm then loses its objectivity and independence making their job ineffective and not accomplishing their goal of honest accounting (Gerard). Their have been 379 convictions of fraud to date, and 3 to 6 new cases opening per month. The problem has clearly not been solved (Ulinski).

    Read More

  • The Healthy Body Wellness Center

    1145 Words  | 3 Pages

    The HBWC business objectives should be included in the Information Security Management System (ISMS) as this document will represent the organizations approach in designing, implementing, and auditing the company 's information system security objectives. In order for the ISMS to be applicable and appropriate to the organization, an examination of the business objectives of the company is required. This step is necessary to understand the needs to the organization when designing these objectives.

    Read More

  • The Rite Aid Fraud

    3260 Words  | 7 Pages

    ...he Sarbanes-Oxley act, which began with companies like Rite Aid abusing the deregulated system, are (1) the required attestation by the CEO and the CFO; and (2) better internal control mandates, procedures and documentation requirements.

    Read More

  • Homeland Security: The Mission Of Homeland Security

    1035 Words  | 3 Pages

    Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what

    Read More

  • IT Governance in Airline Industry Case Study

    1556 Words  | 4 Pages

    Recently, IT governance has been a mainly factor for fulfill business need from investing in IT area. In addition, Sarbanes-Oxley Act (SOX) mentioned IT governance issues for enhancing internal contro...

    Read More

  • Gender Diversity in Corporate a Governance Report

    823 Words  | 2 Pages

    This report gives the brief overview of the concept of corporate governance, its evolution and its significance in the corporate sector. The report highlights various key issues and concerns that are faced by the organizations while effectively implementing and promoting Corporate Governance.

    Read More

  • Regulation of Financial Misconduct

    1339 Words  | 3 Pages

    The prospects offered by globalization and the accrued benefits from technological innovation have greatly influenced the growth of the business realm in the 21st century world. Despite the increment in success rate of businesses and expansion to global markets, financial misconduct within organizations has threatened to derail the financial success and better public investment decisions (Onyebuchi, 2011). Sprouting from this likelihood of financial misconduct and its detrimental effect, Sarbanes-Oxley Act was enacted in 2002. The genesis of this law can be traced back to a period between years 2000 and 2002 when United States was marred with a perverted upsurge in corporate accounting scandals that tainted the United States securities market and led to loss of public funds invested in listed companies. Scandals of organizations like Adelphia, Peregrine Systems, Tyco International, and Enron among others were great primers to the need for a law regulating the financial accounting profession (Orin, 2008). This paper uses Sarbanes-Oxley Act (SOX) to delineate the main aspects of the regulatory environment for corporations aimed at protecting the public from fraud. Moreover, it will evaluate the effectiveness of SOX in taming future frauds.

    Read More

  • Analysis Of The Enron's Scandal

    1679 Words  | 4 Pages

    By looking at the Enron scandal, there are three major financial-related reformations that have been addressed by the SOX. First, “SOX forbids auditors of public firms from providing to their audit clients most non-audit consulting services” (Prentice, p.9, 2010). This reformation prevents Anderson’s wrongdoing from happening. Second, SOX restricts “off-balance sheet reporting, use of special purpose entities, and pro forma reporting” (Prentice, p.10, 2010). The new rule fixed the fundamental problem raised in the Enron’s scandal, which is the use of “Mark-to-market” accounting policy. Third, “SOX reforms stock analyst practices, primarily by minimizing, in several ways, the motivations they had to falsely praise the stocks of companies whose investment banking business their employers sought” (Prentice, p.10, 2010). This reform prevents stock analysts from giving good ratings

    Read More

  • Essay On IFRS

    1820 Words  | 4 Pages

    Small, medium enterprises (SMEs) are largest types business in the world, making up an estimated 99.7% of business. According to the Federation of Small Businesses (FSB) there are nearly five million existing businesses in the UK as of 2013. SMEs are a key contributor towards economic growth in terms of creating more employment, stimulating innovation and promoting social unity. SMEs are responsible for 47% of private sector employment, yet despite such global present there is still no agreed definition of a SME (Storey 1994). Bolton (1971) attempted to define them through a statistical and economic analysis. Classifications which are based on criteria, such as number of employees or annual turnover, however, do not remain consistent across borders. Given their size, smaller companies tend to be more intent on survival rather than expansion and profit maximisation. Smaller sized firms have always felt that the current reporting framework for IFRS is tailored more for the needs of larger companies and that the heavy cost burden it imposes upon them may not be entirely justified. In response to these concerns, the IASB subsequently issued the IFRS for Small and Medium-sized Entities (IFRS for SMEs) in July 2009. This standard offers an alternative framework which can be adopted by entities in place of the already extant full set of IFRSs or local national requirement standards.(Holt 2010) This essay will critically evaluate the impact of the IFRS for SME’s and whether or not it stands as the most suitable framework available for SMEs to use.

    Read More

  • Information Security

    2693 Words  | 6 Pages

    The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied though the 7 Domains by utilizing IT Security Best Practices.

    Read More

  • The History of Auditing

    3399 Words  | 7 Pages

    Auditing has been the backbone of the complicated business world and has always changed with the times. As the business world grew strong, auditors’ roles grew more important. The auditors’ job became more difficult as the accounting principles changed. It also became easier with the use of internal controls, which introduced the need for testing, not a complete audit. Scandals and stock market crashes made auditors aware of deficiencies in auditing, and the auditing community was always quick to fix those deficiencies. Computers played an important role of changing the way audits were performed and also brought along some difficulties.

    Read More

More about Sox Compliance: Eleven Essential Controls For The Sme

Open Document