The changing interaction of finance, information, and technology
The Sarbanes Oxley (SOX) law was adopted to impose hard discipline in the business sector specifically the publicly-listed companies. The collapse of a number of corporate organizations led by Enron, MCI WorldCom, Tyco, Global Crossings or Qwest spawned a critical period of financial confusion and market chaos in the public sector. The ongoing financial crisis is an emerging case in point to explain that things are not well with the financial markets..
Over the years since 2002, investors, creditors, employees, and the government regulatory agencies needed to conduct closer monitoring, implement checks and balances, stricter controls system and define documentation and reporting requirements in the form of compliance system to make sure management does not renege on its agency responsibility with the shareholders.
In addition, at the center stage of the controversies are the external auditors and corporate accountants who, in the midst of corporate failures have apparently been remiss in their duties of safeguarding the interests of third parties. To make matters worse, there is the evident lukewarm maximization of information technology (IT) controls that will ensure objective and prompt reporting, information controls, transparency tempered with the ethical standards of conduct in every aspect of operations, as well as overall good governance practices.
It appears however, that the SOX, in all its stringent detailed IT control provisions remained inadequate in bringing assurance that discipline has indeed been imposed through the use of high technology. The following key questions are moot and academic: The Sarbanes Oxley Act can still be improved and enhanced? Can corporate ethical behavior be manifested in IT controls? Can it be legislated especially those behavioral processes that demand strong ethical decision-making? Is it possible to strengthen IT controls through a peer review?
The Demand for Stricter IT Controls
The demand of the Sarbanes Oxley Act is a supervised compliance system that imposes upon the publicly-listed company the recording, reportorial and control measures subject to the audit examinations of external assurers. Through the intensive use of advanced system of information technology processes, these measures should enable government regulatory agencies and external auditors to promptly detect, document and evaluate compliance systems under heavy penalty provisions. However, the SOX relies so much on the compliance system provided by the listed companies, the external auditors, the regulatory agencies that fraudulent transactions continue to recur finally leading to a more serious financial crisis of global proportions. Here, the issue of compliance appears to be an issue of ethical conduct on the part of management, the auditor and the regulatory body.
IT controls has continuously been found wanting in terms of effectiveness and despite its seemingly efficient implementation. Whether this is due to the speed of technological advances that corporate operations can hardly catch up? Or is it due to the inherent vulnerability of any form of IT controls against intelligent manipulations due to various vested interests that enter the control equation? Or is it the lack of a strong ethical resolve of stakeholders due to greed and irresponsibility within the ranks especially of corporate executives?
Aside from the element of a need for a strong ethical behavior among corporate executives, the IT control weaknesses have been attributed to the lack of physical security to safeguard the IT processes. Here, convenience works against a secure IT placement which will assure accurate, reliable, prompt and even strategic information from every raw data culled from the system. Next is the risk management tool of a business continuity plan which should assure sustained operations especially under scenarios of risks and complexities.
IT controls and the aspect of records retention are often targets with incompatible character. Digital information is very volatile information to manage and should be protected to the maximum limit where they can be accurately accessed within the period prescribed by the law requiring filing of legal action. Stakeholders need to have controlling copies of digital information necessary to assure transparency and assurance of corporate responsibility. Digital technology process cannot be fully understood until the system crashes and the storage of information is lost. Thus, while managing digital information can be complex and troublesome, yet the usefulness of such data and its critical importance to management decision-making is tremendous.
Apparently, the corporate world has not been keen on effectively managing changes in the business environment brought about by the fluidity of the economic scenario and the resultant new economic configuration. Organizational and operating risks have not exactly been addressed resulting to incompatible functionalities in the organization with technology sitting side by side with obsolete behavioral and system areas.
Another issue of weakness is the dependence on third party resources to manage and control information technology processes. Investments in IT controls hardware, software and people can be staggering, hence CEOs and COOs are often reluctant in utilizing the most effective control systems available. Many decision-makers continue to invoke the cost-benefit system to justify inadequacy in IT controls. Here, the synergy of the human capital and the appropriate system changes needed to make the company more responsive to the Sarbanes and Oxley provisions for IT efficiency and effectiveness is determined by the management capability to manage transition brought about by advances in technology. The overall impact of the human-process combination is the quality of expected change occurring within and the degree of assurance resulting.
The Sarbanes and Oxley Act can still be improved. In fact, the use of IT controls should prove compliance with the SOX much better and more efficiently. Online interconnection with the regulatory bodies can prove helpful in monitoring compliance. Peer review of IT controls systems should prove helpful in benchmarking the one audit firm with another. On the aspect of ethics, it is possible to integrate the ethical standards into the IT control practices by carefully providing the means for compliance in the most transparent and objective manner. This can be done by the use of ethical standards checklist to be accomplished by every staff in the assurance engagement. These adopted systems are means to restore credibility and relevance in the market.
One of the most important implied provisions of this act is the need to bring back credibility, honor and responsiveness to the financial recording, reporting and control systems of publicly-listed corporations. This will require investors to closely monitor all the processes available through the comprehensive use of IT in terms of recording, reporting and control.
Overall, the problems faced by the public sector is not so much with the use of technology but with the manifestation of the highest form of ethical behavior and practices confronting the finance functions, the information component of the finance function including the sensitive aspect of the use of the appropriate technology to deliver the financial information available. The changing interaction between finance, information and technology is a phenomenon that will determine whether the finance functions impact all other functions as well. To some extent this has already been proven with the critical importance of the finance factor in the overall effectiveness of the office.
Bumgardner, JD. (2009) Reforming corporate America. Retrieved June 12, 2009 from website: http://gbr.pepperdine.edu/031/sarbanesoxley.html
Wakefiled, M. (2009). Sarbanes Oxley: Its impact on business management.