3,488 research outputs found

    A Framework for Integrating Sarbanes-Oxley Compliance into the Systems Development Process

    The Sarbanes-Oxley Act introduces a new set of requirements into software development. Corporations need to assess their internal control effectiveness for business processes to show compliance with the act. This paper proposes a conceptual framework for integrating Sarbanes-Oxley compliance needs into software development by mapping the activities of an established framework for internal controls to the various workflows of the systems development process. Theoretical and practical contributions are discussed and future research directions are explored.

    Business Process Risk Management, Compliance and Internal Control: A Research Agenda

    Integration of risk management and management control is emerging as an important area in the wake of the Sarbanes-Oxley Act and with ongoing development of frameworks such as the Enterprise Risk Management (ERM) framework from the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Based on an inductive methodological approach using literature review and interviews with managers engaged in risk management and internal control projects, this paper identifies three main areas that currently have management attention. These are business process risk management, compliance management and internal control development. This paper discusses these areas and identifies a series of research questions regarding these critical issues.
    Keywords: Risk management; Internal control; Business processes; Compliance; Sarbanes-Oxley Act; ERP systems; COSO; COBIT

    A Framework for Integrating Sarbanes-Oxley Compliance into the Software Development Process

    The Sarbanes-Oxley Act introduces a new set of requirements into software development. Corporations need to assess their internal control effectiveness for business processes to show compliance with the act. This paper proposes a conceptual framework for integrating Sarbanes-Oxley compliance needs into the software development process by mapping the various stages of the software development process with an established framework for internal controls.

    Private Enterprise, Public Trust: The State of Corporate America After Sarbanes-Oxley

    The highly visible accounting scandals that surrounded the collapse of Enron, WorldCom, and several other major companies -- together with the revelation of fraud and other acts of malfeasance by corporate executives -- aroused public outrage, called into question the values and ethics of business leaders, and undermined the public's confidence in public companies. CED is concerned about the reality, as well as the appearance, of corporate impropriety. This policy statement examines the state of corporate governance in the United States and offers practical recommendations for restoring public trust in business. Recommendations include:
    - Making Audit Committees Autonomous and Vigorous
    - Ensuring that users understand that financial information is based on judgments
    - Giving Sarbanes-Oxley a chance to work
    - Taming excessive executive compensation
    - Using independent nominating committees to select and appraise director

    Incorporating Sarbanes-Oxley Into A College Accounting Curriculum: Lessons Learned

    This paper attempts to identify the ways and give examples of how Sarbanes-Oxley compliance can be taught in real time using the SAP R/3 system and the many lessons derived from the experience. The Sarbanes-Oxley Act significantly impacts CEOs, CFOs and public accountants. It also applies to all levels of management. Organizations and their managers need to recognize the significance of Sarbanes-Oxley compliance as well as the benefits it can provide. These benefits include reliability of the financial statements, quality of reporting, and also the opportunity to review a company’s processes and enhance the efficiency of all financial and operating departments. Integrating SAP technology into the classroom has been one of the primary initiatives of the Department of Accounting, a signature program at Saint Joseph’s University, in Philadelphia, Pennsylvania. The implementation and roll-out process has covered a variety of areas from navigation to key business processes and accounting within SAP R/3. With the evolution of the Sarbanes-Oxley Act and the need for compliance within a company, the department decided that students should be given exposure on how to use SAP R/3 to conduct 404 walkthroughs in consonance with the Sarbanes-Oxley initiatives. Due to the integrative nature of SAP technology, the system is best able to conduct audit processes and create exception reports needed to identify material weaknesses and deficiencies.

    The Role of Boards in Reviewing Information Technology Governance (ITG) as Part of Organizational Control Environment Assessments

    IT Governance (ITG) is an important topic as US companies must now monitor ITG under the provisions of the Sarbanes-Oxley Act (2002) (Hoffmann, 2003). Trites (2003) indicates that directors are responsible for strategic planning, internal control structures and business risk. The control environment is defined in Australian Auditing Standard AUS 402 to mean "the overall attitude, awareness and actions of management regarding internal control and its importance to the entity". This paper contributes to the knowledge of ITG by forming an integrated ITG Literature (IIL) which links prior research to four key dimensions of ITG. The paper presents a review of literature on ITG performance measurement systems which assess the ability of organizations to achieve these four ITG dimensions. A revised ITG Dimensions Model is offered for consideration. The final contribution of the paper is to propose critical issues Boards should consider as part of their assessment of organizational control environments.

    Sarbanes-Oxley Act of 2002 and IT education

    Even though information technology (IT) educators have been teaching basic principles of information systems for over 20 years, business organizations have chosen to ignore or not implement them. By not integrating information systems and allowing uncontrolled manual intervention it was easier to commit the frauds and the financial scandals of the late 1990s and early 2000s. The frauds and financial scandals have resulted in a large increase in business regulation with many compliance requirements and possible fines and jail sentences for non-compliance. IT educators need to take some lessons from their accounting colleagues (Titard, 2004) and modify IT curriculum to take advantage of the compliance environment to focus on the basic principles of creating quality up-to-date information for organization decision making and to see them implemented.

    SOX And ERP Adoption

    The objective of this paper is to examine the relationship between the implementation of the Sarbanes-Oxley (SOX) legislation and Enterprise Resource Planning (ERP) systems, and to investigate the impact that the passage of this legislation has had on the decision for companies to adopt ERP technology. The legislation itself is discussed, along with an analysis of ERP systems, including their components, their advantages and disadvantages, and the critical factors and crucial components which must be present for the successful deployment of such systems. This paper explores the contributory effect of SOX on ERP adoption. The authors concluded that SOX merely accelerated an inevitable process. The best managers will always find and use the best tools to maximize benefits to their organizations. The requirements of Sarbanes-Oxley forced companies to rethink their processes and technology, and therefore may have provided the final incentive for companies to commit to ERP.