Post reply

Online Resources

  • February 18, 2004 at 3:11 pm

    #178215

    Text of Sarbanes-Oxley Act of 2002:

    http://news.findlaw.com/hdocs/docs/gwbush/sarbanesoxley072302.pdf

    US Securities and Exchange Commission Resources:

    http://www.sec.gov/spotlight/sarbanes-oxley.htm

    American Institute of Certified Public Accountants:

    http://www.aicpa.org/sarbanes/index-07-09-03.asp

     

    K. Brian Kelley
    @kbriankelley

  • February 23, 2004 at 8:00 am

    This was removed by the editor as SPAM

  • March 4, 2004 at 12:40 pm

    #497378

    Is there a sarbanes-oxley for idiots book?

    What is the sarbanes-oxley act and as a DBA why should I care?

      


    John Zacharkan

  • March 23, 2004 at 1:15 pm

    #500104

    The Sarbanes-Oxley act came in the wake of the fallout from Enron (among others).  As a dba, you will most likely be involved in the section 404 testing.  Your auditors will have to sign off on the attestation of your officers and board of directors that all data critical to the accurate and timely reporting of financial statements has adequate controls.  That means that you will have to prove that your disaster recovery, security, and many other measures that you, as the dba, will most likely be responsible for are adequate to insure that the shareholders can get the information they need to make informed decisions.

  • March 24, 2004 at 2:24 pm

    #500324

    There isn't a Sarbanes-Oxley for Idiots book, unfortunately, since a lot of S-Ox is still like HIPAA... open for legal interpretation.

    Sarbanes-Oxley, in a nutshell, is designed to ensure non-fraudulent financial reporting by publically traded companies. It enforces personal responsibility for the "C-levels" within these companies. In other words, they sign their name saying that the financial report is accurate and hasn't been tampered with. Should it not be, they could face jail time. Along with that, they sign on saying the internal controls designed to produce accurate financial reporting are in place and working. Internal controls hit heavily upon IT. For instance, who has access to the database server where the source data comes from? Controls to prevent unauthorized access must be in place. In addition, auditing mechanisms must be in place. And they must be tested and working.

    For organizations outside of "publically traded" status, there are copy cat laws and regulations coming out that apply to all companies, regardless of status. Indiana's language changes to its RFP process is a good example.

    K. Brian Kelley
    @kbriankelley

  • October 9, 2005 at 4:24 pm

    #596178

    Information Systems Audit and Control Association (ISACA -http://www.isaca.org/)

    IT Control Objectives for Sarbanes-Oxley Final Document

     

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply