Changing Interaction of Finance, Information and Technology Introduction The Sarbanes Oxley Act was introduced in the year 2002 to govern the reporting standards of publicly traded companies. The Act was introduced as a result of several fraudulent activities by well known corporate giants like Enron and WorldCom. Most of these frauds were accounting related. As fraudulent activities by these companies resulted in huge losses for investors, Securities and Exchange Commission initiated and introduced the Act in 2002. Thus, the major objective of the Act is to prevent accounting frauds and improve the financial reporting standards and corporate governance of companies.
Every function of a company works in close association with the IT department. IT departments service is of equal importance to all other departments of a company. Be it the payroll maintenance of the HR department or stock data maintenance of the purchase department. Thus any change in the functional aspects of any of these functions will also affect the IT department. Sarbanes Oxley Act has made many changes in the accounting report standards. That means equal challenges are thrown to the IT managers of a company as is to its finance managers.
This essay is intended to analyze the impact of the Act on the IT department of a company. The main body of the essay will analyze the impact of the Act on IT department. Based on this a conclusion is made in the next part. Impact on IT department when the Act is fully implemented When the Act is fully implemented, public companies will have to comply with several requirements of the Act. This involves compliance in the form of method of accounts preparation and also the method of its reporting.
This is a challenge for the IT department. The first and foremost challenge is the cost involved. Many organizations have already constructed IT systems which may not be suitable for the new reporting process. There are many small companies that have still not fully implemented the Act. It is more challenging for them as constructing an entirely new IT system involve huge cost. Another major impact of Sarbanes Oxley Act is on the IT security or information security.
“When drafted, the writers of the Act did not have IT security in mind. As time has passed, and compliance efforts have been initiated, organizations have begun to realize that without a certain level of assurance regarding IT security controls, compliance is not possible. ” (Byrum, 2003) Compliance with the Act also involves keeping the financial information confidential and thus maintaining the integrity of the data. This is a very big challenge for the IT managers of an organization. Data security systems of an organization are to be monitored continuously because it is always under threat from external forces.
Now it is the responsibility of the IT managers to ensure that the financial information of the company is being protected from any such threat. In the event of the data being stolen by any other external force, IT mangers will also be questioned along with other directors. Companies face several issues in IT controls. When an employee change the department, his access to the previous system was not barred properly. Compliance with the Act creates duplication of activities. After an audit log is done another audit log will have to be done by the company to prove that an audit log was done.
(Worthen, 2005) SOX puts forward a big challenge to companies in terms of training expenses. Most of the IT systems of the companies are very complicated. Many IT employees find it difficult to understand the complicated system. Thus the employees are to be properly trained in order to equip them with best knowledge of the system. Compliance to SOX is not a simple process. Besides the Act being mandatory, many companies fail in the SOX Audit process.
The reasons are many. The main reason for the failure is that companies view it as a onetime process in a year. Activities are done only when the time for reporting approaches. A strategic-integrated approach to reporting is not adopted by companies. This reduces the efficiency of the process as activities are done within limited time frame. This means that there is less planning involved. Therefore, companies should view compliance as a continuous process. Another reason is that there is no proper control procedures adopted by companies.
The control procedures to be adopted by a company are not documented anywhere. This results in an ambiguity about the processes. (Cote, 2008) Conclusion The previous part of the essay has given a brief idea about the impact of SOX on the IT department. As compliance become mandatory, the IT managers are put into great pressure. For a compliance to be effective, it is not only necessary that the financial records are error free but also they are prepared and communicated through proper IT system.
In this scenario it is to be noted that there are few questions that is yet to be resolved about the impact of SOX on IT Management. The main among them is the lack of guidance on the type of reporting system. Though the Act lay down that proper compliance should be done, it does not properly address the impact on IT department. No standards are specified for the system requirements. The second major issue is the huge cost in changing the system to make it up-to-date as per the compliance requirements.
The third issue is that the Act does not give any information to a company with regard to adopting an integrated approach. Companies are not mandated to adopt such strategy. If these problems are addressed properly, IT managers of a company will be kept at better position. Works cited Scott, Byrum. (2003). The impact of Sarbanes Oxley Act on IT Security. Retrieved from http: //www. sans. org/reading_room/whitepapers/casestudies/impact-sarbanes-oxley-act-security_1344 Ben, Worthen. (2005). The Top Five IT Control Weaknesses. Retrieved from http: //www. cio. com/article/8097/_The_Top_Five_IT_Control_Weaknesses Bryan, Cote. (2008). Failed Audit? Retrieved from http: //www. s-ox. com/dsp_getFeaturesDetails. cfm? CID=2022 Thomas, Hoffman.
(2005). More Companies Tap IT for Sarbanes-Oxley. Retrieved from http: //www. computerworld. com/s/article/105463/More_Companies_Tap_IT_for_Sarbanes_Oxley? taxonomyId=018