Essentials of Sarbanes-Oxley E-Book

Contents

Foreword

Preface

Acknowledgments

Chapter 1: Background

Introduction

Corporate Scandals

Investor, Employee, and Public Trust

Corporate Governance

History of the Sarbanes-Oxley Act

SEC and PCAOB

Conclusion

Summary

Notes

Chapter 2: Introduction to the Sarbanes-Oxley Act

Introduction

Key Principles of SOX

Principle-and Rule-Based Legislation

Sox Compliance

General Compliance Requirements

Benefits of Compliance

Consequences of Noncompliance

Voluntary versus Mandatory Compliance

Corporate Perceptions of SOX

Conclusion

Summary

Note

Chapter 3: Selected SOX Sections

Introduction

Section 103: Auditing, Quality Control, and Independence Standards and Rules

Section 201: Services Outside the Scope of Practice of Auditors

Section 302: Corporate Responsibility for Financial Reports

Section 404: Management Assessment of Internal Controls

Requirements of Section 404 Internal Control Report

Requirements of the Executive Officers

Section 406: Code of Ethics for Senior Financial Officers

Section 409: Real Time Issuer Disclosures

Section 806: Protection for Employees of Publicly Traded Companies Who Provide Evidence of Fraud

Conclusion

Summary

Notes

Chapter 4: Implementing a Strategy

Introduction

Challenges of Compliance

Strategy Outline

Original PCAOB Audit Standard No. 2

Updated PCAOB Audit Standard No. 2

Conclusion

Summary

Note

Chapter 5: Industry Frameworks

Introduction

Committee of Sponsoring Organizations

Control Objectives for Informational and Related Technology

Conclusion

Summary

Notes

Chapter 6: Achieving Sustainable Compliance

Introduction

Cost of Compliance

Factors Relating to High Initial Cost

Projected Decline of Costs

PCAOB Recommendations for Minimizing the Costs Associated with Section 404

Technology and Sustainable Compliance

Sustainable Compliance Strategies

Conclusion

Summary

Notes

Chapter 7: Technology Solutions

Introduction

IT Components Relevant to SOX Compliance

Relevant SOX Sections for IT

Steps for Successful Implementation of IT Controls

Subcertification

ISO/IEC 17799 Framework

Security Best Practices

IT Infrastructure Library

National Institute of Standards and Technology

Software

Benefits of IT in SOX Compliance

Conclusion

Summary

Chapter 8: Beyond the American Corporation

Introduction

Outsourcing Challenge

Uniqueness of Small Businesses

Impact on Foreign Issuers

Impact on Nonprofit Organizations

Conclusion

Summary

Notes

Afterword

Appendix: Summary of the Sarbanes-Oxley Act

Glossary

Index

Advertisement

Essentials Series

The Essentials Series was created for busy business advisory and corporate professionals. The books in this series were designed so that these busy professionals can quickly acquire knowledge and skills in core business areas.

Each book provides need-to-have fundamentals for those professionals who must:

Other books in this series include:

For more information on any of the above titles, please visit www.wiley.com

Copyright © 2007 by Sarbanes-Oxley Institute. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Wiley Bicentennial Logo: Richard J. Pacifico.

Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400, fax 978-646-8600, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, 201-748-6011, fax 201-748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services, or technical support, please contact our Customer Care Department within the United States at 800-762-2974, outside the United States at 317-572-3993, or fax 317-572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

For more information about Wiley products, visit our Web site at http://www.wiley.com.

Library of Congress Cataloging-in-Publication Data

Anand, Sanjay.

Essentials of Sarbanes-Oxley / Sanjay Anand.

p. cm.

Includes index.

ISBN 978-0-470-05668-4 (pbk.)

1. United States. Sarbanes-Oxley Act of 2002. 2. Corporations–Accounting–Law and legislation–United States. 3. Disclosure of information–Law and legislation–United States. 4. Financial statements–Law and legislation–United States. 5. Directors of corporations–Legal status, laws, etc.–United States. 6. Corporate governance–Law and legislation–United States. I. Title.

KF1446.A315A83 2007

346.73’0666–dc22

To my parents

Foreword

In the past decade I, like so many others, observed carefully as the ethical fabric of corporate America fell to shreds. I watched CEO after CEO paraded in front of the public for their crimes. But I saw more than what the news cameras showed; I saw the danger of history repeating itself.

Fraud hurts business. When it occurs on as grand a scale as we witnessed, it hurts the economy as awhole. I anticipated and hoped that some measures would be taken to reinstate public trust in our markets.

When the Sarbanes-Oxley Act (SOX) was first introduced, I heard the collective gasp rise up from Corporate America. We all knew that this Act was not going to make life easy for corporations, but there was hope that the efforts would be worthwhile.

As someone who has dedicated his professional career to fraud prevention and education, I felt motivated and inspired. I knew that with education and assistance, companies could achieve compliance. In SOX I saw a chance to reinstate American corporations as pinnacles of business, fit for emulation.

The first years were as rough as I predicted they would be; costs were high and knowledge was low, which can be a disheartening situation. I believed that with the right guidance, companies could work within the SOX framework and build a balance between their needs and those of their shareholders.

We have seen this to be true. The costs of compliance are becoming increasingly more manageable as information and education have improved. I anticipate seeing even greater improvements in the years to come, and this book is going to have a hand in creating those improvements.

I have been privileged to work with Sanjay through the SOX Institute. He subscribes to the same belief that I do: Educating people makes the difference. Companies will have greater compliance success when they have a strong team holding them up.

Sanjay believes, and teaches, that when a company has the knowledge, the ethics, and the leadership, it will achieve compliance.

I am thrilled that Sanjay has chosen to complement his growing library and write a book that reaches out to the expanding audience of those impacted by SOX. His sharing of his knowledge of governance, his experience with companies and corporations around the globe, and his expertise with the Act is truly valuable.

As a strategic advisor and certified consultant, Sanjay has worked with the roll call of Fortune 500 and Global 2000 companies. These companies have benefited not only from his intelligence and knowledge, but also from his innovation and dedication. I know that they join my commendation of this book.

I have heard Sanjay referred to as the “consultant’s consultant.” Every time he sees a gap in knowledge and understanding, he works tirelessly to fill it. He sees the changing environment of SOX as an endless source of opportunities to educate.

This book does just that. It fills the gaps and ensures that everyone impacted by SOX will have the information at his or her fingertips. Better yet, it explains the concepts in a straightforward manner that is so refreshing in our world of jargon.

This is the book that should be on the CEO’s nightstand, in the board member’s gym bag, and the MBA student’s hand. It fills the gaps between theory and execution, and teaches us all those important lessons of compliance.

No professional should be without a copy of this book.

Professor Tommy Seah

CFE, CMC, FAIA, ACIB, MIIA, FIFA, AICFA, CSOXP

Vice-Chairman, Board of Regents

Association for Certified Fraud Examiners (ACFE)

Preface

In 2002 the U.S. Senate added the Sarbanes-Oxley Act (SOX)to the network of securities regulations that it has been building to keep corporate America in check. This Act was fledged from a desire to protect investors, and the U.S. economy, from the threat of scandal and corruption in publicly traded companies. In an effort toward off future Kenneth Lays and Arthur Andersens, SOX establishes strict expectations and imposes even stricter penalties for compliance failure.