Discussion
ISOL 633 Legal, Regulations, Investigations, and Compliance
UNIVERSITY OF THE CUMBERLANDS
School of Computer and Information Sciences
Housekeeping
Lecture Roadmap:
Chapter Seven: Corporate Information Security and Privacy Regulation
Discussion Post
The Enron Scandal
Why Is Accurate Financial Reporting Important?
What Is the Sarbanes-Oxley Act (“SOX”)?
Critical Aspects of SOX
Critical Sections of SOX
Where SOX applies
Public Company Accounting Oversight Board (“PCAOB”)
Compliance and Security Controls
Privacy
Principal Concepts
Workplace Privacy
Chapter Seven: Corporate Information Security and Privacy Regulation
The Enron Scandal
1990s and early 2000s: Growth, Public Company, and Complex Financial Transactions
Officers owned many affiliated companies where losses were hidden
High operating costs, debts
GAAP Nonconformance
Enron filed for then-largest U.S. bankruptcy
Retirement funds dropped $1.3 billion
Demise of accounting firm Arthur Andersen
U.S. prosecuted many of Enron’s executives
Why Is Accurate Financial Reporting Important?
Investor Confidence: Enron was not alone
Securities and Exchange Commission Fraud Detection
Three Disclosure Statements (http://edgar.sec.gov/edgar/searchedgar/companysearch.html):
Form 10-K
Form 10-Q
Form 8-K
What Is the Sarbanes-Oxley Act (“SOX”)?
Critical Aspects
Protect Investors
New Corporate Accountability
Civil & Criminal Penalties
Officers <> Board <> Auditors
Reporting Requirements
Internal Control Report
Auditor Attestation
Critical Sections
Section 201: Services outside the scope of auditor practice
Section 302: Corporate responsibility for financial reports
Section 404: Assessment of internal controls
Section 409: Real-time issuer disclosures
Section 802: Criminal penalties for altering documents
Section 806: Protection of employees exposing fraud
Section 807: Criminal penalties for defrauding shareholders
Section 906: Criminal liability for fraudulent financial certifications
Public Company Accounting Oversight Board (“PCAOB”)
Registers Acct. Firms
Establishes Standards
Inspects Acct. Firms
Investigations & Discipline
Enforce SOX Compliance
Compliance and Security Controls
Assessing ICFR
COBIT
GAIT
ISO/IEC Standards
NIST Computer Security Guidance
ICFR Assurances
Accurate maintenance of reports, records, data
GAAP
Prevent & detect unauthorized acquisition, use, or disposition of assets
Workplace Privacy
Principal Concepts
Privacy of Employee Data
Privacy of Customer Data
Privacy of Corporate Data
Congress created the Sarbanes-Oxley Act in response to the Enron scandal. It passed SOX to help restore investor confidence in publicly traded companies. SOX places rules on public companies and other organizations, and these rules promote trustworthy financial reports. The scope of SOX extends to any public company function or process that impacts financial reporting, so within a company its scope is very broad. SOX therefore requires companies to review many information technology processes to make sure that they’re trustworthy.
The scope of SOX is broad. Its influence extends even to organizations that aren’t required to follow it. For example, private companies and nonprofit organizations may choose to follow SOX to show their commitment to good governance.
Chapter Seven Summary
Discussion Post
Read Chapter 8
Homework Assignments