Wednesday, October 16, 2019
IT Security As Required By Sarbanes-Oxley Term Paper
IT Security As Required By Sarbanes-Oxley - Term Paper Example However, it is a fact that Sarbox also provides parameters and mechanics for enhancing IT security. Thesis statement The benefits of incorporating the provisions of Sarbanes-Oxley Act of 2002 in IT security far outweigh the short-term gains of non-compliance, since the Act injects organizational transactions with security and confidentiality. II) Brief overview/history of the Sarbanes-Oxley Act The Sarbanes-Oxley Act of 2002 was enacted on July 30th, 2002. Because of the original intention and the mandate of the Act, financial accuracy must be certified by the management concerned. Because of the provisions of the Same Act, the penalties for financial fraud have been made more severe. Similarly, the Sarbanes-Oxley Act of 2002 strengthened the autonomy of external auditors who analyze and reexamine the accuracy of corporate statements of accounts and also bolstered the oversight function of the board of directors. Simon, Smalley, and Schultz (2009) divulge that the Sarbanes-Oxley Act of 2002 comes against the backdrop of serious corporate and accounting scandals such as the Enron, Adelphia, Tyco International, WorldCom and Peregrine Systems Scandals. These scandals had cost investors billions of dollars, following the collapse of the affected companies' share prices. These scandals, together with their serious effects weakened public confidence in America's security markets. The Act comprises 11 sections which range from criminal penalties to additional corporate board responsibilities. The Sarbanes-Oxley Act of 2002 demands that the Securities and Exchange Commission implements rulings on prerequisites to compliance with the law. III) How the Sarbanes-Oxley Effects & Constraints on Information Technology Security (Industry & Management) Section 404 Compliance One of the ways the Sarbanes-Oxley Act of 2002 effects and constraints IT security section 404 compliance is by emphasizing a comprehensive understanding of internal controls, as a set of an enterprise's i nternal procedures, providing reasonable assurances that the enterprise will meet its target in all the specified areas. This is the case since Section 404 Compliance extends emphasis on not just historical financial reporting, but on internal controls also. Together with the rules spelled out in the SEC, there is a requirement that public companies' management should assess and report periodically, on the effectiveness of internal controls on financial reporting. To this effect, it is given that the report that the management hands in must be accompanied by statements of evaluations by an external auditor to provide an attestation to the credibility and reliability of the conclusions that the management has made. According to SAI Global (2010), the portfolio that Information Technology Security Section provides also addresses matters beyond Sarbanes-Oxley, to tackle other auditing and legal dimensions of internal controls and the responsibilities that sundry and all actors dispense , when executing systems of internal controls. Even though the Sarbanes-Oxley Act of 2002 is leaner in scope than internal controls, the Portfolio agrees with the fact of the tremendous impact of the legislation and studies a number of its provisions which force moderations on diverse aspects of internal contr
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.