Sox Compliance: Eleven Essential Controls For The Sme

1555 Words4 Pages
bulb-icon

Recommended: Sarbanes-oxley act critique

SOX Compliance: Eleven Essential Controls for the SME

Small to mid-sized enterprises (SMEs) can benefit from implementing control objectives for governance, compliance, and improved security. The Securities and Exchange Commission’s (SEC) recent Sarbanes-Oxley (SOX) announcement puts an end to several years of speculation, so SMEs must get on top of their control game.

Executive Summary

Sarbanes-Oxley (SOX) is here to stay for small to mid-sized enterprises (SMEs), which the Securities and Exchange Commission (SEC) defines as any publicly traded company with less than $75 million in market capitalization. Despite the fact that auditing standards have been adjusted for smaller organizations, many SMEs still need to prioritize and strengthen those internal IT controls that protect information assets.

The Information Systems Audit and Control Association (ISACA) is the organization that sets standards for auditing and grants certification to auditors. New studies from ISACA pinpoint the top controls that are the most important for SMEs. This research note discusses:

» The latest SOX developments in the SME space.

» Key findings from the ISACA study.

» Which tactics SMEs can use to satisfy internal IT controls.

SMEs must implement control objectives for compliance and improved security, but have limited means to do so. The ISACA study prioritizes the most important IT controls so that SMEs can get on top of their control game.

Optimization Point

Sarbanes-Oxley (SOX) was enacted in 2002 as an anti-fraud measure in the wake of large accounting scandals such as Enron and WorldCom. Until recently, the Securities and Exchange Commission (SEC) applied the same SOX auditing practices to all companies, regardless of their size, infrastructure, level of risk, or available resources. As long as it was publicly traded, whether the market cap was less than $75 million or more than $100 billion, the same auditing rules and standards applied for all companies.

Show More
Related

  • Smackey Dog Food Case Study

    2287 Words  | 5 Pages

    Arens, Alvin A., Elder, Randall J., and Beasley, Mark S. (2012). Auditing and Assurance Services:

    Read More

  • Internal Controls and the Sarbanes-Oxley Act

    782 Words  | 2 Pages

    The Sarbanes-Oxley Act of 2002 (SOX) was named after Senator Paul Sarbanes and Michael Oxley. The Act has 11 titles and there are about six areas that are considered very important. (Sox, 2006) The Sarbanes-Oxley Act of 2002 made publicly traded United States companies create internal controls. The SOX act is mandatory, all companies must comply. These controls maybe costly, but they have indentified areas within companies that need to be protected. It also showed some companies areas that had unnecessary repeated practices. It has given investors a sense of confidence in companies that have complied with the SOX act.

    Read More

  • Critique of the Effectiveness of the Sarbanes-Oxley Act

    2708 Words  | 6 Pages

    It has been a decade since the Sarbanes-Oxley Act became in effect. Obviously, the SOX Act which aimed at increasing the confidence in the US capital market really has had a profound influence on public companies and public accounting firms. However, after Enron scandal which triggered the issue of SOX Act, public company lawsuits due to fraud still emerged one after another. As such, the efficacy of the 11-year-old Act has continually been questioned by professionals and public. In addition, the controversy about the cost and benefit of Sarbanes-Oxley Act has never stopped.

    Read More

  • Events Leading Up to the The Sarbanes-Oxley Act

    1213 Words  | 3 Pages

    The Sarbanes-Oxley Act was enacted on July 30, 2002. It was enacted by the 107th United States Congress. It is named after sponsors U.S. Senator Paul Sarbanes and U.S. Representative Michael G. Oxley. It is also known as the ‘Public Company Accounting Reform and Investor Protection Act’ in the Senate and ‘Corporate and Auditing Accountability and Responsibility Act’ in the House. The main purpose of this act was to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes. This act was enacted as a result to a number of corporate and accounting scandals including those affecting Enron, Tyco internationals, Adelphia, Peregrine Systems, and WorldCom. The Securities Exchange Commission (SEC) adopted many rules in order to implement the Sarbanes-Oxley Act.

    Read More

  • Accounting Fraud, the Investor and the Sarbanes Oxley Act

    1981 Words  | 4 Pages

    Throughout the past several years major corporate scandals have rocked the economy and hurt investor confidence. The largest bankruptcies in history have resulted from greedy executives that “cook the books” to gain the numbers they want. These scandals typically involve complex methods for misusing or misdirecting funds, overstating revenues, understating expenses, overstating the value of assets or underreporting of liabilities, sometimes with the cooperation of officials in other corporations (Medura 1-3). In response to the increasing number of scandals the US government amended the Sarbanes Oxley act of 2002 to mitigate these problems. Sarbanes Oxley has extensive regulations that hold the CEO and top executives responsible for the numbers they report but problems still occur. To ensure proper accounting standards have been used Sarbanes Oxley also requires that public companies be audited by accounting firms (Livingstone). The problem is that the accounting firms are also public companies that also have to look after their bottom line while still remaining objective with the corporations they audit. When an accounting firm is hired the company that hired them has the power in the relationship. When the company has the power they can bully the firm into doing what they tell them to do. The accounting firm then loses its objectivity and independence making their job ineffective and not accomplishing their goal of honest accounting (Gerard). Their have been 379 convictions of fraud to date, and 3 to 6 new cases opening per month. The problem has clearly not been solved (Ulinski).

    Read More

  • The Healthy Body Wellness Center

    1145 Words  | 3 Pages

    The HBWC business objectives should be included in the Information Security Management System (ISMS) as this document will represent the organizations approach in designing, implementing, and auditing the company 's information system security objectives. In order for the ISMS to be applicable and appropriate to the organization, an examination of the business objectives of the company is required. This step is necessary to understand the needs to the organization when designing these objectives.

    Read More

  • The Rite Aid Fraud

    3260 Words  | 7 Pages

    ...he Sarbanes-Oxley act, which began with companies like Rite Aid abusing the deregulated system, are (1) the required attestation by the CEO and the CFO; and (2) better internal control mandates, procedures and documentation requirements.

    Read More

  • Homeland Security: The Mission Of Homeland Security

    1035 Words  | 3 Pages

    Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what

    Read More

  • IT Governance in Airline Industry Case Study

    1556 Words  | 4 Pages

    Recently, IT governance has been a mainly factor for fulfill business need from investing in IT area. In addition, Sarbanes-Oxley Act (SOX) mentioned IT governance issues for enhancing internal contro...

    Read More

  • Gender Diversity in Corporate a Governance Report

    823 Words  | 2 Pages

    This report gives the brief overview of the concept of corporate governance, its evolution and its significance in the corporate sector. The report highlights various key issues and concerns that are faced by the organizations while effectively implementing and promoting Corporate Governance.

    Read More

  • Regulation of Financial Misconduct

    1339 Words  | 3 Pages

    ...of the United States financial securities exchange. Overall, SOX stands strong in its capacity to tame future financial fraud cases. The highly punitive measure for financial misreporting, the sanctions for individual members of board of directors if they append signature on unauthenticated reports, requirement to review internal accounting controls annually, as well as PCAOB’s control on auditing profession are great primers to an ethical financial accounting profession within corporations projecting into the future. Despite the progress and potential to improve United States securities market, the provisions of section 404 of SOX are highly limiting to small organizations and it would be a great help for growth of economy if newly listed public companies would be allowed a grace period on which not to comply with the internal account control assessment and review.

    Read More

  • Analysis Of The Enron's Scandal

    1679 Words  | 4 Pages

    By looking at the Enron scandal, there are three major financial-related reformations that have been addressed by the SOX. First, “SOX forbids auditors of public firms from providing to their audit clients most non-audit consulting services” (Prentice, p.9, 2010). This reformation prevents Anderson’s wrongdoing from happening. Second, SOX restricts “off-balance sheet reporting, use of special purpose entities, and pro forma reporting” (Prentice, p.10, 2010). The new rule fixed the fundamental problem raised in the Enron’s scandal, which is the use of “Mark-to-market” accounting policy. Third, “SOX reforms stock analyst practices, primarily by minimizing, in several ways, the motivations they had to falsely praise the stocks of companies whose investment banking business their employers sought” (Prentice, p.10, 2010). This reform prevents stock analysts from giving good ratings

    Read More

  • The History of Auditing

    3399 Words  | 7 Pages

    Auditing has been the backbone of the complicated business world and has always changed with the times. As the business world grew strong, auditors’ roles grew more important. The auditors’ job became more difficult as the accounting principles changed. It also became easier with the use of internal controls, which introduced the need for testing, not a complete audit. Scandals and stock market crashes made auditors aware of deficiencies in auditing, and the auditing community was always quick to fix those deficiencies. Computers played an important role of changing the way audits were performed and also brought along some difficulties.

    Read More

  • Information Security

    2693 Words  | 6 Pages

    The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied though the 7 Domains by utilizing IT Security Best Practices.

    Read More

  • Essay On IFRS

    1820 Words  | 4 Pages

    Small, medium enterprises (SMEs) are largest types business in the world, making up an estimated 99.7% of business. According to the Federation of Small Businesses (FSB) there are nearly five million existing businesses in the UK as of 2013. SMEs are a key contributor towards economic growth in terms of creating more employment, stimulating innovation and promoting social unity. SMEs are responsible for 47% of private sector employment, yet despite such global present there is still no agreed definition of a SME (Storey 1994). Bolton (1971) attempted to define them through a statistical and economic analysis. Classifications which are based on criteria, such as number of employees or annual turnover, however, do not remain consistent across borders. Given their size, smaller companies tend to be more intent on survival rather than expansion and profit maximisation. Smaller sized firms have always felt that the current reporting framework for IFRS is tailored more for the needs of larger companies and that the heavy cost burden it imposes upon them may not be entirely justified. In response to these concerns, the IASB subsequently issued the IFRS for Small and Medium-sized Entities (IFRS for SMEs) in July 2009. This standard offers an alternative framework which can be adopted by entities in place of the already extant full set of IFRSs or local national requirement standards.(Holt 2010) This essay will critically evaluate the impact of the IFRS for SME’s and whether or not it stands as the most suitable framework available for SMEs to use.

    Read More

More about Sox Compliance: Eleven Essential Controls For The Sme

Open Document