Synopses & Reviews
Sarbanes-Oxley and its international variants are here to stay.
Are you prepared for this new business reality?
Changing the landscape of corporate governance, financial disclosure, and the practice of public accounting, the Sarbanes-Oxley Act (SOX) can be confusing and complex for professionals and executives who must take legal responsibility for their actions, errors, and omissions. One of the most comprehensive, authoritative guides to getting your organization Sarbanes-Oxley-compliant, the new, improved, and expanded Second Edition of Sarbanes-Oxley Guide for Finance and Information Technology Professionals provides a valuable reference for finance and information technology (IT) professionals such as CFOs, CIOs, controllers, auditors, executives, and consultants who are involved in Sarbanes-Oxley-related compliance projects.
With practical, workable advice that every finance and information technology professional must have at their fingertips, the Second Edition covers issues from scope and assessment of SOX to records and information assets management to corporate communication to integrating ITeverything that will be analyzed and optimized in order to meet the compliance and reporting standards demanded by this legislation and investors.
Valuable appendices provide the frameworks and methodologies that get you jumpstarted in your SOX initiatives or help you streamline a SOX project that is already underway.
Written by Sanjay Anand, one of the world's leading corporate governance, risk management, and regulatory compliance experts, the Second Edition features:
- Key aspects and important components of the Sarbanes-Oxley Act
- A methodology to achieve SOX compliancy for your company
- A road map to compliance, including checklists, worksheets, and project plans
- The business and technology implications and resource requirements for compliance
- The future of SOX and its impact on corporate America and the world
Synopsis
Praise for Sarbanes-Oxley Guide for Finance and InformationTechnology Professionals
"Effective SOX programs enlist the entire organization to build and monitor a compliant control environment. However, even the best SOX programs are inefficient at best, ineffective at worst, if there is a lack of informed, competent finance and IT personnel to support the effort. This book provides these important professionals a needed resource for and road map toward successfully implementing their SOX initiative."
Scott Green Chief Administrative Officer, Weil, Gotshal & Manges LLP and author, Sarbanes-Oxley and the Board of Directors
"As a former CFO and CIO, I found this book to be an excellent synopsis of SOX, with impressive implementation summaries and checklists."
Michael P. Cangemi CISA, Editor in Chief, Information Systems Control Journal and author, Managing the Audit Function
"An excellent introduction to the Sarbanes-Oxley Act from the perspective of the financial and IT professionals that are on the front lines of establishing compliance in their organizations. The author walks through many areas by asking 'what can go wrong' types of questions, and then outlines actions that should be taken as well as the consequences of noncompliance. This is a good book to add to one's professional library!"
Robert R. Moeller Author, Sarbanes-Oxley and the New Internal Auditing Rules
"Mr. Anand has compiled a solid overview of the control systems needed for not only accounting systems, but also the information technologies that support those systems. Among the Sarbanes books on the market, his coverage of both topics is unique."
Steven M. Bragg Author, Accounting Best Practices
"An excellent overview of the compliance process. A must-read for anyone who needs to get up to speed quickly with Sarbanes-Oxley."
Jack Martin Publisher, Sarbanes-Oxley Compliance Journal
Synopsis
Praise for Sarbanes-Oxley Guide for Finance and Information Technology Professionals"Effective SOX programs enlist the entire organization to build and monitor a compliant control environment. However, even the best SOX programs are inefficient at best, ineffective at worst, if there is a lack of informed, competent finance and IT personnel to support the effort. This book provides these important professionals a needed resource for and road map toward successfully implementing their SOX initiative."
—Scott Green Chief Administrative Officer, Weil, Gotshal & Manges LLP and author, Sarbanes-Oxley and the Board of Directors
"As a former CFO and CIO, I found this book to be an excellent synopsis of SOX, with impressive implementation summaries and checklists."
—Michael P. Cangemi CISA, Editor in Chief, Information Systems Control Journal and author, Managing the Audit Function
"An excellent introduction to the Sarbanes-Oxley Act from the perspective of the financial and IT professionals that are on the front lines of establishing compliance in their organizations. The author walks through many areas by asking 'what can go wrong' types of questions, and then outlines actions that should be taken as well as the consequences of noncompliance. This is a good book to add to one's professional library!"
—Robert R. Moeller Author, Sarbanes-Oxley and the New Internal Auditing Rules
"Mr. Anand has compiled a solid overview of the control systems needed for not only accounting systems, but also the information technologies that support those systems. Among the Sarbanes books on the market, his coverage of both topics is unique."
—Steven M. Bragg Author, Accounting Best Practices
"An excellent overview of the compliance process. A must-read for anyone who needs to get up to speed quickly with Sarbanes-Oxley."
—Jack Martin Publisher, Sarbanes-Oxley Compliance Journal
About the Author
Sanjay Anand, CFE, CSOX, CSOXP, is Chairperson of the SOX Institute, the only industry-recognized provider of authoritative Sarbanes-Oxley training and certification programs in the world. He is a globally recognized IT and business process management consultant, speaker, and instructor. Mr. Anand is the recipient of such awards as J.D. Edwards Consultant of the Year and Global Enterprise Solutions Outstanding Performance. He is listed in virtually every international "Who's Who" directory, and his articles have appeared in such magazines as Dataquest, TechRepublic, and InformationWeek.
He has an MSc in technology and an MS in computers from the Birla Institute of Technology and Science of Pilani, India, and an MBA and an MS in finance from Boston College. He is a Fellow of the Institution of Electronics and Telecommunication Engineers (IETE).
Table of Contents
PREFACE.
ACKNOWLEDGEMENTS.
INTRODUCTION.
PART I: Sarbanes-Oxley For The Finance Professional.
CHAPTER 1: Scope and Assessment of the Act.
Integrity.
Independence.
Proper Oversight.
Accountability.
Strong Internal Controls.
Transparency.
Deterrence.
Corporate Process Management.
CHAPTER 2: Internal Controls.
Components of Internal Control.
Purpose of Internal Control.
Developing an Internal Control System.
CHAPTER 3: Control Environment.
Risk Assessment.
Information and Communication.
Monitoring.
CHAPTER 4: Material Weaknesses.
Specific Internal Controls to Evaluate.
Disclosure Committee.
CHAPTER 5: Implementing Sarbanes-Oxley: What Does Compliance Look Like?
Time Line.
Checklists.
Reporting, Documentation, and Archiving.
Disclosure.
CHAPTER 6: Technology Implications.
Storage Systems.
IT Solutions.
Changes in IT Management.
CHAPTER 7: Sarbanes-Oxley–Related Bodies.
Public Company Accounting Oversight Board.
Committee of Sponsoring Organizations.
Securities and Exchange Commission.
Financial Accounting Standards Board.
CHAPTER 8: Opportunities and Challenges Created by Sarbanes-Oxley.
Opportunities.
Challenges.
CHAPTER 9: Summary for the CFO.
Changes to Corporate Governance.
Catalyst for Improvement.
PART II: Sarbanes-Oxley For The IT Professional.
CHAPTER 10: Impact of Sarbanes-Oxley.
Impact on the Enterprise, the CEO, and the CFO.
Impact of Sarbanes-Oxley on Corporate Management Systems.
Impact of Sarbanes-Oxley on the Technology Infrastructure.
CHAPTER 11: Technologies Affected by Sarbanes-Oxley: From Sarbanes-Oxley to SOCKET.
Separate Vendor Hype from Reality.
Sarbanes-Oxley Compliance as an IT Project.
Perspective on Sarbanes-Oxley Goals.
Steps for Sarbanes-Oxley Compliance.
Sarbanes-Oxley and The SEC.
CHAPTER 12: Enterprise Technology Ecosystem.
Organic IT Architecture.
Ecosystem and Sarbanes-Oxley.
CHAPTER 13: Implementing the SOCKET Methodology.
Species or Components of the Enterprise Technology Ecosystem.
COSO Framework.
SOCKET Technologies.
Transactional Systems: ERP, SCM, CRM.
Analytical and Reporting Systems.
Data Warehousing.
CHAPTER 14: SOCKET and Enterprise Information Management.
Document Management and Sarbanes-Oxley.
Document Security.
Communication and Networking.
CHAPTER 15: The Process.
Introduction to the Process.
Strategic (Top-Down) Approach.
Tactical (Bottom-Up) Approach.
Monitoring the Audit Team.
Implementation Process: Reengineering for Sarbanes-Oxley Compliance.
Beyond Sarbanes-Oxley: From SOCKET to Success Ecosystem.
Conclusions.
APPENDIX A Sarbanes-Oxley Implementation Plan: Developing an Internal Control System for Compliance (Focusing on Sections 302 and 404).
APPENDIX B Project to Process: Making the House a Home.
APPENDIX C Enterprise Project Management and the Sarbanes-Oxley Compliance Project.
APPENDIX D Enterprise Risk Management—Integrated Framework.
APPENDIX E COBIT 3—Executive Summary.
APPENDIX F COBIT 4—Executive Summary.
INDEX.