In: Operations Management
Government is cleaning up the way companies do business after accounting and governance scandals rocked investor confidence and damaged the reputation of companies large and small. The Sarbanes-Oxley Act (SOX) of 2002 was enacted in response to the high-profile Enron and World Com financial scandals to protect shareholders and the public from accounting errors and fraudulent practices by organizations. One primary component of the SOX is the definition of which records are to be stored and for how long. For this reason, the legislation not only affects financial departments, but also IT departments whose job it is to store electronic records. SOX states that all business records, including electronic records and electronic messages, “must be saved for not less than five years.” The consequences for noncompliance are fines, imprisonment, or both. Three rules of Sarbanes-Oxley affecting the management of electronic records address the following areas: A. The destruction, alteration, or falsification of records. It states that persons who knowingly alter, destroy, mutilate, conceal, or falsify documents shall be fined or imprisoned for not more than 20 years, or both. B. The retention period for records storage. Best practices indicate that corporations securely store all business records using the same guidelines set for public accountants. Organizations shall maintain all audit or review work papers for a period of five years from the end of the fiscal period in which the audit or review was concluded. C. The business records and communications that need to be stored, including electronic communications. IT departments are facing the challenge of creating and maintaining a corporate records archive in a cost-effective fashion that satisfies the requirements put forth by the legislation. Essentially, any public organization that uses IT as part of its financial business processes must implement IT controls to comply with SOX. BENEFITS FROM SARBANES-OXLEY Many businesses are promoting the benefits they received from implementing SOX. General Electric Co., which spent about $30 million on SOX compliance, has added controls that boost investors’ confidence in the company. United Technologies used SOX to standardize bookkeeping audits in its disparate businesses around the world. The biggest advantage of all, though, may be the greater confidence investors have in financial results. Some officials believe it will take another two years (around 2008) for companies, auditors, and regulators to apply the law efficiently. That might appear to be a long time, and it may seem to be expensive; however, it is a small price to pay to help organizations run smoothly and renew investor confidence. IMPLEMENTING SARBANES-OXLEY Ultimately, Sarbanes-Oxley compliance will require a great deal of work among all departments. Compliance starts with running IT as a business and strengthening IT internal controls. The following are a few practices organizations can follow to ensure compliance with the Sarbanes- Oxley Act. Overhaul or upgrade financial systems to meet regulatory requirements for more accurate, detailed, and timely filings. Examine the control processes within the IT department and apply best practices to comply with the act’s goals. For example, segregation of duties within the systems development staff is a widely recognized best practice that helps prevent errors and out-right fraud. The people who code program changes should be different from the people who test them, and a separate team should be responsible for changes in production environments. Ensure that information system customization are not overriding controls by working with internal and external auditors. Homegrown financial systems are fraught with potential information-integrity issues. Although leading enterprise resource planning (ERP) systems offer audit-trail functionality, customization of these systems often by pass those controls. Work with the CIO, CEO, CFO, and corporate attorneys to create a document- retention-and-destruction policy that addresses what types of electronic documents should be saved, and for how long. Required: i. What do you think an unethical accountant or manager at Enron thought were the rewards and responsibilities associated with his or her job
The unethical mangers, accountants, or other employees think that the basic pay is less than their expectations. An unethical employee wants something extra from the job and the workplace. It is unethical because the employee starts to adopt corruptive and disruptive practices for gaining more. The greedy and unethical employees go to any limits to gain more than what the company offers as the basic pay or salary. For instance, if an employee at Enron earns 1,00,000 bucks as the salary, the expenses exceed the basic pay. The employee tends to earn more than the salary or even bonuses in the company. So, the employee tends to involve in corruption and unethical or illegal practices. The employee also can sell the vital information of the company that only limited members know. Hence, it is a drawback for the company to hire any unethical employee in the team. It is also essential to supervise the work and tasks of all the employees. The managers cannot define the motive of the employees at the time of recruitment and selection. The unethical employees might also force the other employees to complete their tasks by offering them more money and incentives. The superior managers take advantage of unethical practices, and gains from these practices to influence the employees at a secondary level to complete their respective tasks. Hence, it is unethical also to involve the entire team in the company. However, the managers can only ask for a basic salary from the company.