Problem:
The circumstances of the creation and implementation of the Sarbanes-Oxley act are a matter of public record, and need no major review here. There is no shortage of information about the act and its implications thus far, and even less shortage of speculation about its future impacts and the way in which compliance with those rules will alter corporate culture, particularly in terms of how financial information is maintained and shared. In the case for this module, we consider certain aspects of the effects of Sarbanes-Oxley on IT management, now and in the future.
In 2004, Knowledge@ Wharton (2004) presented an analysis of the subject; a number of experts were cited, with widely varying views as indicated here by the following excerpts.
"I'm not sure Sarbanes-Oxley has had as much impact as the scandals themselves, which have made organizations want to avoid scandals in the future," says finance professor Marshall E. Blume. "Right after Enron I was talking to an oil company executive who told me, 'We're going to put everything in the annual report now.'"
Thomas W. Dunfee, professor of social responsibility in business, suggests that "it's too soon to know in any detail the impact that the legislation is going to have. It's like an artist's rough preliminary sketch: A great deal of detail has to be filled in. What's key is that Sarbanes-Oxley was a symbolic act and people are now watching. That's probably as effective a way to get behavior changed as a lot of specific, more picayune rules."
The case for this module asks for you to review information regarding the act, its purposes, its implementation, and its effects to date. A good place to begin is this Introduction to Sarbanes-Oxley. For or detailed consideration of impacts regarding information technology, the following sources provide you with a chronological account of SOX and IT:
Worthen B. (2005) Five Top IT Control Weaknesses. CIO Magazine. Retrieved Sept. 23, 2007 from
https://www.cio.com/article/8097/_The_Top_Five_IT_Control_Weaknesses
Hoffman T. (2005) More Companies Tap IT for Sarbanes-Oxley. Computerworld. Retrieved Sept. 23, 2007 from
https://www.computerworld.com/softwaretopics/software/story/0,10801,105463,00.html
Nash, K. (2007) Why, 5 Years After Sabanes-Oxley Became Law, IT Executives Are Better Off. Retrieved Feb. 24, 2008 from
https://www.cio.com/article/127851/Why_Five_Years_After_Sarbanes_Oxley_Became_Law_IT_Executives_Are_Better_Off/1
Cote, B. (2008) Failed Audit? Sarbanes-Oxley Compliance Journal. Retrieved Feb. 24, 2008 from
https://www.s-ox.com/dsp_getFeaturesDetails.cfm?CID=2022
Nash, K. S., (2010) SOX Compliance: New Tool for Easier Audits. CIO Magazine. Retrieved from
https://www.cio.com/article/593298/SOX_Compliance_New_Tool_for_Easier_Audits.
Benner K. (2010) Is Sarbanes-Oxley a failure? Money.com. Retrieved from
https://money.cnn.com/2010/03/23/news/economy/sarbanes_oxley.fortune/index.htm.
The background information also contains a number of resources regarding this act and its effects; you may also wish to conduct your own search and develop further information as appropriate. When you've had a chance to review all of this information and think about the problem to some degree, please prepare a short (4-6 page) paper on the topic:
The major things that IT managers will have to do differently when Sarbanes-Oxley becomes fully implemented and effective
In the course of your paper, please explicitly address among other points the question of what if anything the Sarbanes-Oxley mandate requires that isn't already performed in any well-managed IT system; and try to conclude your paper with the definition of at least three of what you consider to be key open questions yet to be resolved about the impact of Sarbanes-Oxley on IT management.