Networking: A Beginner's Guide
uring 2001 and 2002, a number of large accounting scandals--involving
companies like Enron, WorldCom, Global Crossing, and Tyco--rocked the
business world. These various scandals, which substantially reduced investor
confidence in the U.S. equity markets, resulted in Congress passing a law called the
Sarbanes-Oxley Act of 2002. The Sarbanes-Oxley Act of 2002, also known as SarbOx
or SOX, establishes a framework that governs the accuracy and fairness of financial
reporting for publicly traded companies in the United States, and implements a
number of rules to help reduce the potential for accounting fraud.
Because information technology (IT) systems and processes play an important role
in a company's accounting and reporting duties, the IT department is a critical part of
a company achieving SOX compliance. Almost all of the impact from SOX that affects
IT departments comes from a single section of SOX, called Section 404. However,
before exploring the effects of Section 404 on IT departments, it is helpful for you to
understand the basic contents of SOX.
This appendix begins with a summary of SOX, and then covers key procedures for
an IT internal control system, including compliance testing. The final section presents
some examples of IT standard operating procedures (SOPs).
Sarbanes-Oxley Act Summary
SOX is divided into 11 main parts called titles, each further broken down into a number
of sections. Each title contains between one and nine sections.
You can download the entire text of the Sarbanes-Oxley Act of 2002 from the Public
Title I: Public Company Accounting Oversight Board
Title I mandates that a Public Company Accounting Oversight Board (PCAOB) be
established. The PCAOB oversees the auditing of public companies. This includes
setting up rules that control the auditing, quality control, ethics, independence, and
other standards relating to audit reports.
Under Title I, all public accounting firms must register with the PCAOB. Each
accounting firm must provide the PCAOB with details on which public companies
it audits, the fees it earns, and any complaints or adverse actions against the public
accounting firm. Title I also includes a number of administrative details about the
PCAOB, such as the composition of the board, how long the members serve, and so