The Impact of the SOX on information systems

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

The Sarbanes-Oxley Act (SOX) was passed in 2002. The bill was sign into law on July, 30th and was cosponsored by Maryland Senator, Paul Sarbanes and Ohio Representative, Michael G. Oxley. (Bryan, 2009) There are number of areas within an organization that can be affected by any new law, SOX is no different. Many areas within the business structure were affected by SOX, this impact is apparent in accounting controls, information systems, in the accounting profession and in financial reporting. These impacted areas will be discussed in depth in the following sections and the success or failure will be assessed as well. However, to begin with, the events that led to the passage of SOX will be discussed.

Events Leading to the Passage of SOX

To understand the reasoning behind the passage of SOX we must explore the events that led up to the passage of the Act. According to Canada (2008), SOX was passed into law with very little debate because of the host of frauds by Enron, WorldCom, Tyco, Adelphia, HealthSouth, and many others. In August 2000, Enron's stock reached an all-time high, and then a year and a half later the company filed for bankruptcy and investigations began where they found grossly inflated earnings and accounting irregularities (Bryan, 2009). Enron wasn't the only entity to blame for this situation, Arthur Andersen, an accounting and auditing firm, "turned a blind eye" as Longnecker (2004) stated. According to Bryan (2009), Arthur Andersen LLP, was charged with obstruction of justice because of the destruction of Enron documents. The most devastating result through this situation was that investor's lost over $70 billion and 4,500 people lost their jobs (Bryan, 2009).

The frauds didn't end with Enron though; the next company to be discovered was WorldCom. WorldCom had many charges filed against them including conspiracy, securities and bank fraud, and false filing with the Securities and Exchanges Commission (Longnecker, 2004). An example Longnecker (2004) provided of the falsifying this company committed is calling their operating expenses, capital expenditures to increase their bottom line. According to Bryan (2009) WorldCom overstated their reported earnings by $7 billion. Employees were hurt by this company's frauds as well. Bryan (2009) states that 40% of employee's 401(k) plans included WorldCom stocks and when the business went under the employees lost $775 million in retirement benefits.

The next corrupt company to be discovered was Adelphia Communications, Inc.. This company was found guilty on charges of misappropriating millions of dollars in corporate funds (Longnecker, 2004). As was mentioned before the frauds of these companies and many others caused the need for some kind of corrective action. According to Bryan (2009) passing SOX was the federal government's reaction to these frauds. Innocent people were hurt by the acts of all these companies and this propelled the government into action. George W. Bush summed it up well when he said "This law says to every dishonest corporate leader. 'You will be exposed and punished.'" (Longnecker, 2004)

What is the Sarbanes Oxley Act?

It is evident through the actions of corrupt actions of many businesses prior to that passage of SOX that something needed to change. Some of changes that have happened as a result of this act are corporate governance, responsibilities of directors and officers, regulation of accounting firms that audit public companies, corporate reporting and enforcement (Lander, 2004, p1) Lander (2004) states that SOX applies to U.S. and non-U.S. public companies that are registered with the Securities and Exchange Commission.

SOX consist of 11 titles and close to 70 subsections (McNally, 2004) Along with these titles and subsection, SOX also contains many provisions. . According to Demitriades (2004), SOX contains the following provisions:

A 5 member public accounting oversight board for the accounting profession

Increased corporate responsibility for financial disclosure

Projecting objectivity and independence of financial security analyst/auditors

Penalties for corporate wrong doing

CEO's & CFO's required to personally certify truth & fairness of company disclosures

Criminal sanctions to protect whistle-blowers

SOX created the Public Company Accounting Oversight Board (PCAOB) who is responsible for enforcing these provisions (Maroney & McDevitt, 2008).

One notable section of SOX is Section 301. This section is commonly known as "the whistle blower provision" (Scott, 2004). According to Scott (2004) companies must have an anonymous system in place where people can report corporate wrong doings. Other notable sections of the Act are Section 404 which affects internal controls and financial reporting (Scott, 2004)

Impact on Information Systems

SOX and its many provisions do not directly state changes that need to be made to information systems, however those systems are still affected by this Act. Braganza & Desouza (2006) states "Section 404 affects information systems (IS) organizations and their leaders, IT Directors, and Chief Information Officers (CIOs)." Many internal controls that the companies must use because of this Act are either fully automated within information systems or are a combination of manual and automated controls (Braganza & Desouza, 2006). According to Braganza & Desouza (2006), corporate information systems, such as accounting information systems, need to be tested for integrity of internal controls. The passage of SOX makes it necessary for companies to improve their information systems. To meet the requirements of SOX companies need improve system controls such as system access and system security (Bryan, 2009). One of the biggest impacts of SOX on information systems was through the mindsets of the companies. IT departments had to change their mindset from being service driven, to being audit driven (Bryan, 2009). Byran (2009) states "SOX has diverted resources away from system upgrades and programming changes, to activities viewed as non-value added such as developing the correct management report." According to Bryan (2009) there are also benefits to the information systems through having a more formalized practices such as logs of changes, who made those changes, and if they were authorized. There are also challenges that SOX creates for companies such the implementations of new systems and the hesitation to acquire companies with older, noncompliant systems (Bryan, 2009).

Impact on Accounting Controls, Financial Reporting and the Accounting Profession

It isn't hard to see how important internal accounting controls are in the eyes of SOX. According to McNally (2007), "Section 404 of SOX requires management to state their responsibility for establishing and maintaining adequate internal control over financial reporting, including authorization and disclosure." Felo & Solieri (2003) believe "a strong internal control environment is vital to preventing fraud. According to Felo & Solieri (2003), external auditors must include a report on management's assessment of the internal control system in their audit report. In light of SOX internal controls have become stronger. Patterson & Smith (2007) suggests that because weak internal control systems are penalized under SOX, dishonest managers will choose stronger systems and in turn less fraud will occur. SOX has caused companies to look at their internal controls and make sure those controls are existent and effective.

Financial reporting is closely related to information systems and internal controls. According to Bloch & Colson (2003), deficient internal controls can adversely affect the reporting of financial data. In order to increase the integrity of financial statements, SOX requires CEOs and CFOs to certify those statements (Lobo & Zian, 2010). According to Lobo & Zian (2010) SOX has caused companies to be more risk adverse and conservative on their financial reporting because of the penalties SOX has created. The greatest impact SOX has had is the improved quality of financial statements through more stringent internal controls (Nagy, 2010)

SOX has created many changes in the way companies do business. Most of the changes SOX has created are related to accounting practices within organizations. The new government standards created by SOX have also created a rise in the number of in the need for accounts (Hagenbaugh, 2005). These accountant need to be aware of all the enhanced standards SOX has created for public companies (Mason, 2008) Before SOX, the accounting profession had never experienced direct external oversight that the PCAOB created (Kleckner & Jackson, 2005). According to Kleckner & Jackson (2005), accountants had to change their approach to auditing financial statements because had been used to stating that detecting fraud was not the purpose of an audit of financial statements. SOX has redefined what accountants are able to in the relations with companies. Kleckner & Jackson (2004) states the Act aids in independence and preventing conflicts of interest. There are number of areas of non-audit services that accountants cannot perform for audit clients such as bookkeeping, financial information system services, appraisals, human resources, investment advising, and much more (Kleckner & Jackson, 2004). Accorind to Kleckner & Jackson (2004) the greatest impact on the profession is the loss of selling additional services to current clients. The accounting profession has gone through tough times with the events prior to the passage of SOX and all the changes that have been made to the profession are meant to aid in the improvement of their image and preventing the occurrence of fraudulent acts.