Sarbanes-Oxley Compliance Through EA
Use enterprise architecture documentation to help you adhere to Sarbanes-Oxley provisions.
by Vineet S. Rajput
December 13, 2004
Developed economies have a continual cycle of correction that maintains a balance between corporate greed and governmental control. Too much control can stifle innovation and kill private enterprise, and too little of it allows the greedy corporations and their executives to become corrupt and consequently compromise public trust.
The cycle starts with corporate greed/need for profits. As this need grows, some corporations push the envelope of existing law. This might involve "innovative" accounting, unethical (although not necessarily illegal) marketing practices, and so on. This seemingly increases their profits for the time being. However, the long-term effects are usually disastrous. If the behavior is allowed to continue, public trust will erode and the whole basis of the free market will be threatened. To prevent this, the government has enacted rules that mandate controls.
We have already witnessed this cycle many times. Some examples of this cycle of correction include: prohibition of "pyramid" schemes in response to the Ponzi scandal, a ban on internal trading, and protection against false advertising.
The Sarbanes-Oxley Act (SOX) is the culmination of a recent cycle in which some corporations used a combination of schemes to boost their reported bottom line and rewarded their executives with hefty bonuses for doing so. However, when caught, the executives pleaded ignorance about these activities. SOX is aimed at creating corporate accountability and taking it to the next level by holding senior executives personally accountable.
Overview of Sarbanes-Oxley
SOX has three basic components:
- Increased supervision by an independent Public Company Accounting Oversight Board: This board dictates the rules governing the accounting practices for public companies, and any violation of its rules will amount to a violation of SEC rules.
- Independence of corporate audit, analysis, and governance: This is aimed at ensuring that the auditors, analysts, and the company's governing board are independent of its management and don't have any conflicts of interest. This is needed to ensure that these stakeholders truly represent the interests of the shareholder. The goal is also to create increased openness and transparency in corporate functions.
- Increased corporate and personal accountability: This is perhaps the most significant aspect of the act. The act holds corporate management "personally responsible" for any incorrect or inaccurate financial reporting. This portion of the act has created an unprecedented need for improved visibility into the processes and systems responsible for corporate financial reporting. This has also created a high degree of corporate will behind implementing proper procedures.
EA is often misunderstood as the process of designing IT systems. In fact, EA is the art/science of "architecting" the enterprise, i.e., it is the process of documenting all aspects of the enterprise to ensure that people, processes, technology, data, locations, and timelines are all aligned with the enterprise goal.
A white paper for government organization CIOs defined EA as follows: "Enterprise Architecture (EA) links the business mission, strategy, and processes of an organization to its IT strategy. It is documented using multiple architectural models or views that show how the current and future needs of an organization will be met."