| The U.S. House of Representatives passed The | | | | self-assessment of risks for business processes that |
| Sarbanes-Oxley Act in 2002. It seeks to bring in better | | | | affect financial reporting. All business records and |
| ethics and accountability in the operations of | | | | electronic messages are to be saved for not less than |
| companies in the United States | | | | five years. The consequences for non-compliance are |
| The Sarbanes-Oxley Actrequires companies to | | | | fines, imprisonment, or both. |
| disclose internal controls, ethics codes and the | | | | The PCAOB rendered that the management of all |
| structure of their audit committees on annual reports. | | | | companies use an internal control framework standard |
| Most businesses today make use of information | | | | such as the Committee of Sponsoring Organizations |
| technology for all their financial reporting processes. | | | | of the Treadway Commission. The standard describes |
| Data, documents and other key operational processes | | | | how to assess the control environment, determine |
| are managed electronically. Information Technology | | | | control objectives, perform risk assesments, identify |
| plays a vital role in internal control. Chief information | | | | controls and monitor compliance. |
| officers are responsible for the security, accuracy and | | | | Section 302 of the Sarbanes-Oxley Act makes it |
| the reliability of systems that manage and report | | | | mandatory for a set of internal procedures to be |
| financial data. Although the Act places responsibility in | | | | designed to ensure accurate financial disclosure. The |
| corporate financial reporting on the chief executive | | | | signing officers must certify that they are responsible |
| officer (CEO) and chief financial officer (CFO), the | | | | for establishing and maintaining internal controls. They |
| chief information officer (CIO) also plays a significant | | | | must also certify that they have designed internal |
| role in financial reporting. | | | | controls to ensure that material information relating to |
| The Act requires a company to perform a | | | | the company is made known to other officers. |