1. What section of the SOX compliance law requires proper controls and hence, security controls, to ensure the confidentiality and integrity of financial information and recordkeeping within an IT infrastructure? Explain the information contained in this section. SOX Section 404 mandates that all publicly-traded companies must establish internal controls and procedures for financial reporting and must document test and maintain those controls and procedures to ensure their effectiveness. The purpose of SOX is to reduce the possibilities of corporate fraud by increasing the stringency of procedures and requirements for financial reporting. 2. Who is Richard Scrushy and why is he relevant to SOX?
Richard Scrushy first CEO charged with violating the SOX Act. He was owner and founder of HealthSouth Corp 3. Who, under SOX, is legally accountable for certifying and approving the integrity of the company and its financial reporting to the SEC and other financial organizations? Under the Sarbanes-Oxley Act, the CEO and CFO of publicly traded companies to certify the appropriateness of their financial statements and disclosures and to certify that they fairly present. 4. What is the difference between a form 10-K and a form 10-Q, and who must submit these to the Securities Exchange Commissions (SEC) for publicly traded company financial reporting? 10-K is a company’s annual report that is filed yearly & make public. 10-Q is the company’s quarterly report. Upper management of major companies is to submit these to the Securities Exchange Commissions. 5. What qualifies as a “large accelerated filer,” and how long after the end of the quarter do they have to file their quarterly financial report?
A company that meets conditions of a million dollar amount has been subject to periodic reporting requirements pursuant to Exchange Act Sections for certain amount of time, has previously filed at least one annual report pursuant, and is not eligible to file “Small Business” forms. They have75 days after the end of their quarter they have to file their quarterly financial report. 6. Where would someone go in order to find the quarterly and annual reports for a publicly traded company? A person would go to a company’s webpage to find quarterly and annual reports for publicly traded company. Each company should have an investor relations section.
7. Go into the Edgar Database and find the most recent 10K or 10Q for Microsoft, Nike, and Cisco. Who signed off on the 10K for each of those companies? Microsoft: Assistant Director, Nike: Assistant Director, and Cisco: Assistant Director. 8. What are some of the criminal penalties for falsifying documents, or covers up information related to financial matters and SOX? Some of the criminal penalties for falsifying documents or cover ups information related to financial matters and SOX are imprisonment. Imprisonment varies on situation.
9. What is the Japanese version of SOX, and what agency oversees its implementation? JSOX is the Japanese version of SOX. This is overseen by ULVAC Technologies. 10. Of what was Dennis Kozlowski convicted, and how is it related to SOX? Dennis Kozlowski was convicted for crimes related to authorized bonuses, purchase of art, and other high cost money involvement. It’s related to SOX because fraud for public companies. 11. What is the link between SOX compliance law and information systems security? Section 302 and 404 even though they do not mention IT
12. What sections within SOX compliance law pertain to needing proper internal controls? Section 302 and 404 are needed for proper internal controls to be in compliant with SOX. 13. Explain how these sections within SOX compliance law require proper security controls as it relates to having internal controls. The need for strong internal controls is not limited to public companies, however. Effective internal controls provide all management teams with repeatable and reliable information tools that allow them to identify, manage, and mitigate risk on an ongoing basis
14. Why are Vice Presidents and other executive managers who are privy to financial performance data considered insiders to a publicly traded company as defined by the Security Exchange Commission (SEC)? They would be considered insiders because of the information they have from internal resources. 15. True or False. SOX compliance law now holds CEO’s and CFO’s of publicly traded companies accountable for their actions as officers in a publicly traded company.