Sarbanes – Oxley: Where Information Technology, Finance, and Ethics Meet The Sarbanes – Oxley Act (SOX) of 2002 was enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices by organizations. One primary component of the Sarbanes-Oxley Act is the dentition of which records are to be stored and for how long. For this reason, the legislation not only affects financial departments, but also IT departments whose job it is to store electronic records. The Sarbanes-Oxley Act states that all business records, including electronic records and electronic messages, must be saved for not less than five years”. The consequences for noncompliance are fines, imprisonment, or both. The following are the three rules of Sarbanes – Oxley that affect the management of electronic records. 1. The first rule deals with destruction, alteration, or falsification of records and states that persons who knowingly alter, destroy, mutilate, conceal, or falsify documents shall be fined or imprisoned for not more than 20 years or both. 2. The second rule defines the retention period for records storage. Best practices indicate that corporations securely store all business records using the same guidelines set for public accountants, which states that organizations shall maintain all audit or review work-papers for a period of five years from the end of the fiscal period in which the audit or review was concluded. 3. The third rule specifies all business records and communications that need to be stored, including electronic communications. IT departments are facing the challenge of creating and maintaining a corporate records archive in a cost-effective fashion that satisfies the requirements put forth by the legislation.
Essentially, any public organization that uses IT as part of its financial business processes will find that it must put in place IT controls...
Please join StudyMode to read the full document