Implementing section 404 of the sarbanes oxley act: Recommendations for information systems organizations

Section 404 of the Sarbanes Oxley (SOX) Act addresses the effectiveness of internal controls, which in most organizations are either fully or partially automated due to the pervasiveness and ubiquity of information technologies. Significant or material control deficiencies have to be reported publicly. The adverse impact on organizations declaring deficiencies can be severe, for example, damage to reputation and/or market value. While there are many practitioner-led manuals and methods for dealing with 404, there has been little published in the academic research literature investigating the role of Information Systems organizations in implementing Section 404. The paper addresses this gap in knowledge. We used institutional theory as the lens through which to examine the experiences of Section 404 implementation in three global organizations. We used the case study method and an abductive strategy to gather and analyze data respectively. Our findings are summarized in six recommendations. We found that institutional pressures play a critical role in the implementation of Section 404. In particular, organizations face coercive pressure to achieve Section 404 compliance, without which punitive sanctions can be imposed by regulators. Organizations tend to imitate one another in the methods they use so that each is perceived to be in line with their competitive environment. Organizations face normative pressures to act in ways that are socially acceptable, which is to achieve compliance. Failure to do so would be a signal to the market that the organization does not take controls seriously. We expand these findings in terms of power and influence tactics that IS organizations can use when implementing Section 404. Our findings provide directions for practice and lines of enquiry for further research

A framework for selecting workflow tools in the context of composite information systems

When an organization faces the need of integrating some workflow-related activities in its information system, it becomes necessary to have at hand some well-defined informational model to be used as a framework for determining the selection criteria onto which the requirements of the organization can be mapped. Some proposals exist that provide such a framework, remarkably the WfMC reference model, but they are designed to be appl icable when workflow tools are selected independently from other software, and departing from a set of well-known requirements. Often this is not the case: workflow facilities are needed as a part of the procurement of a larger, composite information syste m and therefore the general goals of the system have to be analyzed, assigned to its individual components and further detailed. We propose in this paper the MULTSEC method in charge of analyzing the initial goals of the system, determining the types of components that form the system architecture, building quality models for each type and then mapping the goals into detailed requirements which can be measured using quality criteria. We develop in some detail the quality model (compliant with the ISO/IEC 9126-1 quality standard) for the workflow type of tools; we show how the quality model can be used to refine and clarify the requirements in order to guarantee a highly reliable selection result; and we use it to evaluate two particular workflow solutions a- ailable in the market (kept anonymous in the paper). We develop our proposal using a particular selection experience we have recently been involved in, namely the procurement of a document management subsystem to be integrated in an academic data management information system for our university.Peer ReviewedPostprint (author's final draft

Analysing B2B electronic procurement benefits – Information systems perspective

This paper presents electronic procurement benefits identified in four case companies. The benefits achieved in the case companies were classified according to taxonomies from the Information Systems discipline. Existing taxonomies were combined into a new taxonomy which allows evaluation of the complex e-procurement impact. Traditional financial-based methods failed to capture the nature of e-procurement benefits. In the new taxonomy, eprocurement benefits are classified using scorecard dimensions (strategic, tactical and operational), which allows the identification of areas of e-procurement impact, in addition the benefits characteristic is captured (tangible, intangible, financial and non-financial)

Compliant and flexible business processes with business rules.

When modeling business processes, we often implicitly think of internal business policies and external regulations. Yet to date, little attention is paid to avoid hard-coding policies and regulations directly in control-flow based process models. The standpoint of this analysis is the role of business rule modeling in achieving business process flexibility. In particular, it is argued that flexible business process models require business rules as a declarative formalism to capture the semantics of policy and regulation. Four kinds of business rules can be used as a starting point to generate less complex control-flow-based business process models. It is shown that these different kinds of business rules relate to different perspectives in the taxonomy of business process flexibility.

Insurance of operational risk under the New Basel Capital Accord

Risk management

THE OPTIMIZATION OF THE INTERNAL AND EXTERNAL REPORTING IN FINANCIAL ACCOUNTING: ADOPTING XBRL INTERNATIONAL STANDARD

More and more enterprises, especially the listed companies, have adopted newaccounting norms and regulations (IFRS or US GAAP, Bale II and, in perspective, SURFI),manifesting interest for publishing financial reports using a standard format able to considerablyimprove their communication, data collection in the receiving units, control and analysis offinancial information. When switching to the new accounting rules specified in international orregional standards and norms, regulatory and control bodies recommend the XBRL format forfinancial reporting, with recognition of the regional jurisdiction. Our paper makes a review of theliterature, presents the XBRL specific elements and proposes possible solutions for internal andexternal financial reporting of an enterprise. Finally, it concludes on the benefits of adopting XBRLat national level in a potential XBRL Romania project.accounting norms, financial reporting, XBRL, taxonomy, XBRL jurisdiction.

Enforcement in Dynamic Spectrum Access Systems

The spectrum access rights granted by the Federal government to spectrum users come with the expectation of protection from harmful interference. As a consequence of the growth of wireless demand and services of all types, technical progress enabling smart agile radio networks, and on-going spectrum management reform, there is both a need and opportunity to use and share spectrum more intensively and dynamically. A key element of any framework for managing harmful interference is the mechanism for enforcement of those rights. Since the rights to use spectrum and to protection from harmful interference vary by band (licensed/unlicensed, legacy/newly reformed) and type of use/users (primary/secondary, overlay/underlay), it is reasonable to expect that the enforcement mechanisms may need to vary as well.\ud \ud In this paper, we present a taxonomy for evaluating alternative mechanisms for enforcing interference protection for spectrum usage rights, with special attention to the potential changes that may be expected from wider deployment of Dynamic Spectrum Access (DSA) systems. Our exploration of how the design of the enforcement regime interacts with and influences the incentives of radio operators under different rights regimes and market scenarios is intended to assist in refining thinking about appropriate access rights regimes and how best to incentivize investment and growth in more efficient and valuable uses of the radio frequency spectrum

Developing a Conceptual Framework for Cloud Security Assurance

Postprin