
“SOX Legislation and SOX Myths”

SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2007 SAP AG 1


Summary

Two of the sections of SOX that pose particularly significant implementation and compliance challenges are Sections 302 and 404. This article details some of the basic facts of these sections, along with their troubles and benefits, and briefly covers the prevailing myths about SOX.

Author: Charukesh R Gaikwad
Company: HCL Technologies
Created on: 4 June 2007

Author Bio

Charukesh R Gaikwad works as a GRC specialist at HCL Technologies.


Table of Contents

Summary
Author Bio
Sarbanes-Oxley Act
    Sarbanes-Oxley Act Section 302
    Sarbanes-Oxley Act Section 404
    Trouble and benefits of Sarbanes-Oxley Act
    Sarbanes-Oxley Act Myths
Related Content
Copyright

Sarbanes-Oxley Act:

The Sarbanes-Oxley Act of 2002, also known as the Public Company Accounting Reform and Investor Protection Act of 2002 and commonly called SOX, is a controversial United States federal law passed in response to a number of major corporate and accounting scandals. Signed by Congress on July 30, 2002, its overall purpose is to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.

Sarbanes-Oxley Act Section 302:

This section is listed under Title III of the act and pertains to Corporate Responsibility for Financial Reports. In essence, Section 302 of the Sarbanes-Oxley Act states that the CEO and CFO are directly responsible for the accuracy, documentation and submission of all financial reports, as well as the internal control structure, to the SEC. As it relates to internal control, Section 302 requires the CEO and CFO to state:

• They have reviewed the report
• The report does not contain any material untrue statements or material omissions, nor can it be considered misleading
• The financial statements and related information fairly present the financial condition and the results in all material respects
• They are responsible for internal controls and have evaluated these internal controls within the previous ninety days and have reported on their findings
• A list of all deficiencies in the internal controls and information on any fraud that involves employees who are involved with internal activities
• Any significant changes in internal controls or related factors that could have a negative impact on the internal controls

Organizations may not attempt to avoid these requirements by reincorporating their activities or transferring their activities outside of the United States.

Sarbanes-Oxley Act Section 404:

This section is listed under Title IV of the act (Enhanced Financial Disclosures) and pertains to “Management Assessment of Internal Controls”.

Section 404(a) describes management’s responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting. It also outlines management’s responsibility for assessing the effectiveness of internal control over financial reporting.


Section 404(b) describes the independent auditor’s responsibility for attesting to and reporting on management’s internal control assessment.

Trouble and benefits of Sarbanes-Oxley Act

The controversy over Section 404 of the Sarbanes-Oxley Act centers on its substantial cost. These costs can be listed as:

• Costs to the Accounting Profession

• Cost to the Public Companies

• The Soft Cost associated with boards and upper management being too focused on protection and control and spending disproportionate time on value protection rather than value creation.

Although SOX costs corporations billions of dollars and diverts massive resources from production and profit-generating activities, it’s not all bad. It has the following benefits:

• Decreased misconduct.

• Increased corporate data quality.

• Decreased data rework and fewer erroneous intra-corporate and extra-corporate transactions.

• Better operations and improved matching between corporate needs and expenses in lower-level corporate control.

Sarbanes-Oxley Act Myths

The greatest criticism of SOX has been the financial burden imposed on small companies. The SEC received many complaints about the disproportionately high costs of compliance for smaller public companies. In fact, there are things SOX doesn’t require. Chapter 1, “The SOX Saga”, of Jill Gilbert Welytok's Sarbanes-Oxley for Dummies (2006, John Wiley and Sons, 384 pages, ISBN 0471768464) elaborates on these myths.

Myth 1: Auditors can’t provide tax services
Fact: Although SOX precludes auditors from providing certain services to their clients to prevent Enron-type conflicts of interest, the legislation doesn’t ban tax preparation services outright. Rather, the company’s audit committee is charged with the responsibility of determining who provides tax services.

Myth 2: Internal control means data security
Fact: Internal control refers to financial controls that impact financial statements, not data security.

Myth 3: The company isn’t responsible for functions it outsources
Fact: Not true. Under SOX Section 404, it doesn’t matter whether you outsource a system, process, or control or handle it internally: if it impacts the financial statements, the reporting company is on the line. This means you may have to directly test the controls at your outside service providers.

Myth 4: My company met the deadline for Section 404 first-year compliance. We’re home free!
Fact: Sorry, 404 certification is an annual event. And when it comes to Section 404 compliance, a corporation is never “done.” Compliance is a continual and ongoing process.

One of the most significant reforms introduced by SOX is the advent of the independent audit board; in the next article I will discuss the audit environment of SOX.

Related Content

• Sarbanes-Oxley Sections 302 & 404. A white paper proposing practical cost effective compliance strategies

• The SOX Saga.

• Guide to the Sarbanes-Oxley Act.


Copyright

© Copyright 2007 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.

Microsoft, Windows, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.

IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, System i, System i5, System p, System p5, System x, System z, System z9, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix, i5/OS, POWER, POWER5, POWER5+, OpenPower and PowerPC are trademarks or registered trademarks of IBM Corporation.

Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.

Oracle is a registered trademark of Oracle Corporation.

UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.

Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.

HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.

Java is a registered trademark of Sun Microsystems, Inc.

JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.

MaxDB is a trademark of MySQL AB, Sweden.

SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.

These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

These materials are provided “as is” without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.

SAP shall not be liable for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials.

SAP does not warrant the accuracy or completeness of the information, text, graphics, links or other items contained within these materials. SAP has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third party web pages nor provide any warranty whatsoever relating to third party web pages.

Any software coding and/or code lines/strings (“Code”) included in this documentation are only examples and are not intended to be used in a productive system environment. The Code is only intended to better explain and visualize the syntax and phrasing rules of certain coding. SAP does not warrant the correctness and completeness of the Code given herein, and SAP shall not be liable for errors or damages caused by the usage of the Code, except if such damages were caused by SAP intentionally or grossly negligent.