The Impact of Sarbanes-Oxley (SOX) Act on Information Security Governance
What do you think about the impact of SOX implementation on infosec governance? Gurpreet Dhillon and Sushma Mishra from Virginia Commonwealth University, USA said that SOX has created challenges and set new standards for IT governance in companies. To fully comply with the law, companies will need to improve information quality to ensure transparency and reliability. Investors (individual or institutional) are outsiders for the most part and can only rely on the good faith of corporate insiders for insight into the effectiveness of the companies. To protect such investors, SOX attempts to legislate ethics and integrity into the public management process.
Government’s determination to increase corporate responsibility has ushered in new legislation that impacts IT directly. With increased disclosures, new enforcement schemes, and emphasis on corporate accountability, SOX delivers significant reforms and places significant demands on IT. The Sarbanes-Oxley Act has the potential to reshape the role of IT in business. The role of IT governance, within the broader context of corporate governance, demands new attention and efforts on the part of the executives, shareholders, and government.
Improvement in technology to meet the requirements would be a driving factor in making the law successful. Technology, such as enterprise resource planning systems, has the potential to meet such demands. Other upcoming technologies like XML, especially the XBRL and XBRL-GL derivatives, could provide firms with the possibility of cost-efficient, online, real-time systems (Alles, Kogan, & Vasarhelyi, 2004). These facilities could help in posting the financial statements on the Web as soon as they are completed.
The last recorded corporate transactions, contracts, and commitments in process could be made available to the public through the company’s Web site even prior to their realization in traditional accounting.
Compliance with legislation like SOX would appear to be a necessary condition for corporate responsibility, but it is insufficient. Public policy merely addresses the manifestations of corporate social pathology. Top executives will have to set an example to other employees in the company by sticking to good corporate practices. A law cannot make people moral or ethical in behavior.
In today’s scenario, the organizational dynamics have reasonably changed from what they were even 20-25 years ago, and the dependency of organizations on technology has been accelerating. Management practices have to be flexible in terms of adopting new technologies. Making use of new technologies for corporate governance practices is cost effective for the companies in the long run. Currently, there is much apprehension about this legislation and it would not be surprising if SOX, like many other complicated laws, has unforeseen results that will dampen the spirit of introducing this law (Alles et al., 2004).
Sarbanes-Oxley was created to restore investor confidence in public markets. This Act has literally rewritten the rules for accountability, disclosure, and reporting of good corporate governance. Ethical practices are no longer optional. The responsibility of making this Act a success lies with the managers and auditors of each and every firm. Such legislation can act as a watchdog, but morality cannot be legislated.

Why, under the Sarbanes-Oxley Act, would an individual be required to fill out a Department of the Treasury, Internal Revenue Service Form W-9 “Request for Taxpayer Identification Number and Certification” just to receive a refund on a faulty product? I purchased a Kodak Printer from a K-mart store. The printer did not work. The form inside the box said if you have any problems with this product DO NOT RETURN IT TO PLACE OF PURCHASE but instead contact Kodak Customer Support at a given phone number. Well, after they sent me three more faulty “Certified Refurbished Printers”, the last of which they sent as a “model upgrade” because of my frustration, and of course that one did not work either. I indicated to them at that point that after wasting three weeks playing E-mail tag I simply wanted a refund. So I receive in the mail a Form W-9 from Kodak asking me to fill it out completely and submit it for a refund. I don’t feel that I should have to disclose that information just for a refund. The Sarbanes-Oxley Act (SOX) was implemented because of poor bookkeeping, insider trading, company loans to corporate officials and overall poor management practices. I think that taking compliance to this extreme is (number 1 uncalled for) a petty attempt to make everyone suffer for those who got caught with their hands in the cookie jar.