- Custody of assets
- Authorization or approval of related transactions affecting those assets
- Recording or reporting of related transactions
- Execution of the transaction or transaction activity

Below sample SOX Segregation of duties matrix, download xls.

Financial areas addressed in this checklist include:
- General Close Procedures
- Cash
- Investments
- Accounts Receivable
- Prepaid Expenses
- Other Current Assets
- Fixed Assets
- Accumulated Depreciation and Amortization
- Other Assets
- Goodwill
- Intangible Assets
- Accounts Payable
- Accrued Expenses
- Capital Lease Obligation
- Other Current Liabilities
- Equity

(6 Pages, 33 KB)

Procedures: In order to gain access to the accounting system, an ABC Co. Accounting System Request Form must be completed and approved by the requester’s manager. This form is also used if it is necessary to change an existing user’s access in the event of a job change.

Download detail Accounting System Security Policy in word.

Imagine the shoe on the other foot for a moment if you will. Let’s say your next paycheck fails to miraculously appear in your bank account on payday. A call to payroll connects you with an apologetic soul who spins a sorrowful tale of the difficulties of balancing the debits and the credits, the trials and tribulations of FICA, UCI, Medicare and Medicaid deductions, the myriad nuances of NSS versus SWIFT standards for funds transfers and the damnable misery of dealing with those outsourced bastards at ADP. Would you share a sympathetic sigh, thank the person for their years of trouble-free payroll processing, and tell them to they can pay you whenever they can get around to it? Similarly, if your car disappears from the company parking lot would you lend a sympathetic ear to the security guard who rails on about a lack of staff, and blames the problem on those fat cats in the C-suite that wouldn’t pony up the money for the laser-guided robotic guard dogs that clearly would have prevented the theft, or would you demand answers as to why your car is gone?

Like it or not, a good portion of IT’s responsibilities are unglamorous tasks related to maintaining infrastructure. This is detailed, difficult and thankless work that goes largely unrecognized. Like the trash pickup each evening or the accountant who pores over Sarbanes-Oxley rules until tears fall from her tired eyes, this is noble and necessary work, but work that will never earn you a high-five from the CEO or trip to Vegas with the top salesperson.

This low signal-to-noise ratio coming from IT gives us an organizational “scarlet letter.” Executives brace themselves when they see an IT wonk coming down the hall, expecting to hear the latest litany of complaints and thinly veiled demands for praise. Wondering why your greatest idea ever was passed over for funding? Did the pitch include a long-winded description of all the technical wizardry that would be deployed, and breathless commentary about long hours and complex interfaces? No one wants to hear about the nuances of refining uranium isotopes to power the local nuclear plant when the lights don’t work. What they want is someone who understands and articulates your problem, shows some sympathy, and delivers an improved end state without dragging you through the details. Try listening to your peers outside of IT, and understanding and articulating their business problems devoid of any whining about the technical complexities. If you can articulate the problem, and reliably show up with a cost-effective solution, then the high-fives start rolling in.

The sad fact of the matter is that every department in the company has a thankless infrastructure element that no one acknowledges until it breaks. Just as you expect to be promptly paid each month without whining from payroll, that so-and-so over in marketing expects his database to be patched and maintained without asking, and without ever stopping by to say thanks. Frankly, these tasks are called “work” because that’s what they are. If you want undying admiration, get a dog.
source: techrepublic.com

28 percent of audit committee members are “very satisfied” they understand the process that management uses to identify and assess significant business risks, and only 21 percent are “very satisfied” with the risk reports they receive from management

And, while nine out of 10 respondents say their audit committee is more effective now than before the Sarbanes-Oxley legislation was enacted in 2002, many acknowledge there is still room for improvement — particularly in the area of risk management, which they cited as their top priority.

“The current business and regulatory environment is sharpening the audit committee’s focus on risk management,” said Henry R. Keizer, Vice Chair - Audit, KPMG LLP. “The near ‘perfect storm’ of the credit crunch, economic slowdown and market volatility has placed risk management high on the audit committee agenda, where it is likely to stay for some time.”

Overall, the nearly 300 public company audit committee members who responded to this year’s survey ranked risk management as their top priority, replacing accounting judgments and estimates, which moved to second on the list.

Information Technology (IT) risk and governance moved up to third, with respondents indicating the least confidence in this area. One quarter of respondents said they were not clear about the areas of IT risk the audit committee is responsible to oversee and 26 percent said they were not satisfied with management’s reports on IT risks.

Survey respondents expressed the highest levels of confidence in their oversight of traditional financial reporting areas, including accounting judgments and estimates, internal controls, and 404 compliance.

These 12 controls are: acquire and maintain application software, Acquire and maintain technology Infrastructure, Enable operations, Install and accredit solutions and changes, Manage changes, Define and manage service levels, Manage third-party services, Ensure systems security, Manage the configuration, Manage problems and incidents, Manage data, Manage the physical environment and operations

• Pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the company;
• Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company;
• Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.

The spotty history of efforts to create industry-specific and process-specific XML standards would suggest that this will be a difficult and long-term effort. The problems have been based more on the inability to standardize business processes than any technical issues.

The SEC is supporting the adoption of XBRL and has released a proposed rule, “XBRL Voluntary Financial Reporting Program on the EDGAR System,”9 accompanied by a “concept release” entitled “Enhancing Commission Filings Through the Use of Tagged Data.”10 The comment periods for the proposed rule and the concept release ended in November 2004, and the SEC is evaluating comment letters and the proposed rule.

Result:

• 62 % of executives agreed that the Sarbanes-Oxley Act strengthened public and investor trust in corporate America
• 74 % said it had done nothing to improve ethical standards at their businesses.
• 68 % agreed that the act was an overreaction to the ethical failures of a handful of executives and has proven burdensome and unnecessary.
• 60 % of private company CEOs said CEO pay at most large public companies is excessive.
• 31 % of CEOs at public companies agreed public company CEO pay is excessive.
• 42% said it was properly aligned while 45 percent said it wasn’t.
• 66% said the convictions show “the system works,” but about the same number said the convictions also “further erode public trust and confidence in business leaders” and “reinforce a negative, unfair stereotype of CEOs.”
• 90 % said the scandals, which shook the business world in the early 2000s, have made corporate leaders more attentive to ethical concerns.
• 94 percent said ethical standards would be beneficial in the long run

Just looking at technology-related companies, federal agencies have successfully brought fraud and related charges against executives of Adelphia, Amkor, Anicom, Apple, AremisSoft, Brocade, Cendant, Comverse, Computer Associates, Dynegy, Enron, Enterasys, Homestore, Imclone, Impath, Integrated Silicon Solution, Juniper, KLA-Tencor, Monster, Network Associates (McAfee), Prudential Securities, Qwest, Refco, Tyco, U.S. Wireless, and WorldCom.

There are also recent allegations against former Broadcom and AOL Time Warner executives, plus ongoing international investigations into Nortel’s ex-CEO and CFO, Samsung’s chairman, and executives of Siemens AG.