
Opinion: Sarbanes-Oxley and IT best practice

by
15th Feb 2005

Xantus Consulting Managing Consultant Dave Hartley comments on the IT systems, data and infrastructure components critical to business financial reporting processes, and on the need to establish best practice in advance of Sarbanes-Oxley (SOX) becoming law for European companies listed on US stock exchanges.

"In today's environment, financial reporting processes are driven by IT systems which are deeply integrated in the initiating, authorizing, recording, processing and reporting of financial transactions. As such, they are inextricably linked to the overall financial reporting process and need to be assessed, along with other important processes, for compliance with the Sarbanes-Oxley Act.

"From an IT perspective, SOX requires management to use a recognized risk control framework to evaluate overall compliance, and in the UK this can be the Turnbull guidance. At the simplest level the organisation must assess the current state of its IT systems, identify what needs to be done to achieve compliance, and structure a roadmap to get there.

"Established best practice methodologies and frameworks can help provide a basis for addressing many of the IT-related issues, including the ITIL framework for IT Service Management, and PRINCE2 for tight control of projects. The international security framework ISO17799 is also an important standard that can be used. Indeed organisations should be introducing these as best practice anyway, irrespective of legislation.

"It is important to recognize that it is not only senior management that must assess the effectiveness of controls annually - the external auditor must also review the controls and make its own assessment. The more the CIO can adhere to standard approaches and frameworks the greater understanding and control there is on the IT infrastructure - it then becomes much easier to prove compliance.

"The challenge for the CIO is to ensure that IT is a core part of the business SOX compliance programme - and this is the only way that an effective IT change programme can be designed to deliver the required business needs.

"Despite there being growing resentment in Europe at the unwanted pressure from the US, SOX is only one of a number of compliance requirements including Basel 2, Freedom of Information Act, International Accounting Standards and others, and cannot be ignored."
