The U.S. House of Representatives passed The Sarbanes-Oxley Act in 2002. It seeks to bring in better ethics and accountability in the operations of companies in the United States The Sarbanes-Oxley Actrequires companies to disclose internal controls, ethics codes and the structure of their audit committees on annual reports. Most businesses today make use of information technology for all their financial reporting processes. Data, documents and other key operational processes are managed electronically. Information Technology plays a vital role in internal control. Chief information officers are responsible for the security, accuracy and the reliability of systems that manage and report financial data. Although the Act places responsibility in corporate financial reporting on the chief executive officer (CEO) and chief financial officer (CFO), the chief information officer (CIO) also plays a significant role in financial reporting. The Act requires a company to perform a self-assessment of risks for business processes that affect financial reporting. All business records and electronic messages are to be saved for not less than five years. The consequences for non-compliance are fines, imprisonment, or both. The PCAOB rendered that the management of all companies use an internal control framework standard such as the Committee of Sponsoring Organizations of the Treadway Commission. The standard describes how to assess the control environment, determine control objectives, perform risk assesments, identify controls and monitor compliance. Section 302 of the Sarbanes-Oxley Act makes it mandatory for a set of internal procedures to be designed to ensure accurate financial disclosure. The signing officers must certify that they are responsible for establishing and maintaining internal controls. They must also certify that they have designed internal controls to ensure that material information relating to the company is made known to other officers. Under Section 404 of the Act, the management of a company is required to produce an internal control report as part of each annual Exchange Act report. The report must reaffirm the responsibility of the management in establishing and maintaining adequate internal control structures and procedures for financial reporting. The report must also contain an assessment of the effectiveness of the internal control structure. All corporations operating in the United States should take steps to understand the Sarbanes-Oxley Actin minute detail to ensure that steps are taken to comply with it. |
