PREFACE
ACKNOWLEDGEMENTS
INTRODUCTION
PART I
Sarbanes-Oxley For The Finance Professional
CHAPTER 1
Scope and Assessment of the Act
Integrity
Independence
Proper Oversight
Accountability
Strong Internal Controls
Transparency
Deterrence
Corporate Process Management
CHAPTER 2
Internal Controls
Components of Internal Control
Purpose of Internal Control
Developing an Internal Control System
CHAPTER 3
Control Environment
Risk Assessment
Information and Communication
Monitoring
CHAPTER 4
Material Weaknesses
Specific Internal Controls to Evaluate
Disclosure Committee
CHAPTER 5
Implementing Sarbanes-Oxley: What Does Compliance Look Like?
Time Line
Checklists
Reporting, Documentation, and Archiving
Disclosure
CHAPTER 6
Technology Implications
Storage Systems
IT Solutions
Changes in IT Management
CHAPTER 7
Sarbanes-Oxley–Related Bodies
Public Company Accounting Oversight Board
Committee of Sponsoring Organizations
Securities and Exchange Commission
Financial Accounting Standards Board
CHAPTER 8
Opportunities and Challenges Created by Sarbanes-Oxley
Opportunities
Challenges
CHAPTER 9
Summary for the CFO
Changes to Corporate Governance
Catalyst for Improvement
PART II
Sarbanes-Oxley For The IT Professional
CHAPTER 10
Impact of Sarbanes-Oxley
Impact on the Enterprise, the CEO, and the CFO
Impact of Sarbanes-Oxley on Corporate Management Systems
Impact of Sarbanes-Oxley on the Technology Infrastructure
CHAPTER 11
Technologies Affected by Sarbanes-Oxley: From Sarbanes-Oxley to SOCKET
Separate Vendor Hype from Reality
Sarbanes-Oxley Compliance as an IT Project
Perspective on Sarbanes-Oxley Goals
Steps for Sarbanes-Oxley Compliance
Sarbanes-Oxley and The SEC
CHAPTER 12
Enterprise Technology Ecosystem
Organic IT Architecture
Ecosystem and Sarbanes-Oxley
CHAPTER 13
Implementing the SOCKET Methodology
Species or Components of the Enterprise Technology Ecosystem
COSO Framework
SOCKET Technologies
Transactional Systems: ERP, SCM, CRM
Analytical and Reporting Systems
Data Warehousing
CHAPTER 14
SOCKET and Enterprise Information Management
Document Management and Sarbanes-Oxley
Document Security
Communication and Networking
CHAPTER 15
The Process
Introduction to the Process
Strategic (Top-Down) Approach
Tactical (Bottom-Up) Approach
Monitoring the Audit Team
Implementation Process: Reengineering for Sarbanes-Oxley Compliance
Beyond Sarbanes-Oxley: From SOCKET to Success Ecosystem
Conclusions