
Frameworks and Standards Trends

All over the globe, accounting- and technology-related professional associations are collaborating on standards. Business practices vary significantly around the world, so a single set of frameworks and standards will not appear in the near future. However, these developing frameworks and standards generate discussions that do serve to clarify and provide understanding among disparate foreign bodies in the conduct of trade. While a single set of international standards is not imminent, the tools described in this chapter are nonetheless serving to bridge understanding and promote trade that ultimately benefits all the participants.



References

  • Auditing Standard No. 2: "An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements" (Effective June 17, 2004), http://www.pcaobus.org.

  • Committee of Sponsoring Organizations of the Treadway Commission, http://www.coso.org.

  • http://www.en.wikipedia.org/wiki/COSO.

  • http://www.en.wikipedia.org/wiki/ITIL_v3.

  • International Organization for Standardization, "ISO-Overview", February 2004, http://www.iso.org.

  • ISACA (prior to January 1, 2006, known as the Information Systems Audit and Control Association), http://www.isaca.org.

  • IT Infrastructure Library, http://www.itil.co.uk.

  • IT Governance Institute, http://www.itgi.org.

  • IT Governance Institute, Board Briefing on IT Governance, 2nd ed. Rolling Meadows, IL, 2003. Copyright 2003 by the IT Governance Institute, http://www.itgi.org.

  • IT Governance Institute, CoBIT 4.0, Rolling Meadows, IL, 2005. Copyright 2005 by the IT Governance Institute, http://www.itgi.org.

  • "NSA INFOSEC Assessment and Evaluation Methodologies", http://www.iatrp.com.

  • Soleil, Darcy, "Sarbanes Oxley Section 404 Compliance Tips for IT Managers," 2004, per ISACA SOX Forum listserv.

  • Soleil, Darcy, "Sarbanes Oxley Section 404 Compliance for IT Managers," Auditnet.org.

  • Software Engineering Institute, http://www.sei.cmu.edu.



Chapter 14: Regulations

An Introduction to Legislation Related to Internal Controls

The global nature of business and technology has long dictated a common understanding and support of standards, as demonstrated by the strategic partnerships of the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), the International Telecommunication Union (ITU), and the World Trade Organization (WTO). Participation in these standards bodies has been voluntary, with a common goal of promoting global trading for all countries at all levels. Individual countries have gone further to establish governmental controls on the business activities of corporations operating within their boundaries.

Regulatory Impact on IT Audit

Over the past decade, the U.S. government has passed numerous industry-specific privacy acts and other regulations. Each has been intended to protect and support the business consumer. Consequently, internal and external audit groups are tasked with reviewing business processes and procedures to ensure that appropriate business controls are in place to mitigate risks to the business and the consumer.

The International Association of Internal Auditors (IIA) and the International Information Systems Audit and Control Association (ISACA) publish guidelines to assist members of these internal and external audit groups in establishing common controls and audit processes.

Note 

Despite numerous voluntary standards and guidelines in addition to regulatory mandates, corporations operating in the United States have been involved in notorious scandals in the early years of the twenty-first century. These scandals rocked global confidence in the U.S. public markets.

History of Corporate Financial Regulation

In the 1970s, the concern over internal controls related to financial reporting began to take shape as a result of the growth in bankruptcies and financial collapses such as Penn Central Railroad in 1970, the largest bankruptcy in U.S. history at that point in time. In 1976, a congressional investigation by the Moss and Metcalf committees recommended increased federal regulation in the areas of accounting and auditing. In 1977, the Foreign Corrupt Practices Act made bribes illegal and required corporations to keep extensive records of transactions for disclosure purposes.

By the mid-1980s, the savings and loan industry had collapsed. Congress looked at whether the government should take over the issuance of accounting standards and oversight of auditors. In 1986, the Committee of Sponsoring Organizations (COSO) examined how fraudulent financial management could be curtailed and how auditors could reduce the recognized gap between what auditors do and what the public expects. COSO published the first formalized guidelines for internal controls, known as Internal Controls-Integrated Framework, described in more detail in Chapter 13. These voluntary industry guidelines were intended to help public companies become self-regulating and thus avoid the need for governmental regulation.

In 1991, the Federal Deposit Insurance Corporation Act (FDICIA) was enacted for the banking industry as a response to the savings and loan collapse. It introduced upper-management accountability using sign-offs.

However, when Enron and other major corporations failed in 2001 and 2002, the U.S. government moved swiftly to enact the most extensive corporate reforms of all in an effort to restore public confidence in U.S. business operations. The Sarbanes-Oxley Act of 2002 and its subsequent revisions have a far-reaching impact on all corporations (foreign and domestic) doing business with the United States and on the technology groups supporting those businesses. This chapter summarizes the impact of Sarbanes-Oxley and other government- and industry-imposed regulations on information services departments.