Corporate compliance report: Sarbanes-Oxley and the COSO initiative

Extract

[...] Conclusion Organizations of today must take proactive approach in enterprise risk management not only to comply with federal and state mandates, specifically the Sarbanes-Oxley Act of 2002, but to also avert any incidents of fraud, inside trading, and other illegal acts within the organization. Organizations must establish measures and/or internal controls to prevent, identify, and management risks, exposures and incidents. The continued commitment and dedication of all stakeholders are necessary for the success of the enterprise risk management plan. References Bokert, M.E., and Hahn, A. [...]

[...] Section 404 creates accountability on the part of corporate officers and board of directors on the accuracy of its financial statements as well as the evaluation of internal controls. Additionally, Section 404 makes officers and board members responsible for processes for financial disclosures, liabilities, and weaknesses of the internal controls. In order to comply to SOX, organizations must successfully show documentations and evaluations proving that their financial reporting processes are accurate, operating effectively, and are closely monitored. General Master's (2006) website states that Security and Exchange Commission (SEC) rule-making for Sarbanes-Oxley Section 404 mandated that a company's internal control over financial reporting should be based upon a recognized internal control framework. [...]

[...] Flaherty adds “many seek to improve processes for identifying, analyzing and managing risks yet until now, there hasn't been a comprehensive framework that truly meets the far-reaching demands of the new regulatory and competitive environment, successfully managing risk drives better business performance and facilitates achievement of strategic, operations, reporting and compliance objectives." On September 2004, COSO released the Enterprise Risk Management Integrated framework (ERM) which was authored by PricewaterhouseCoopers. The ERM describes essential components, concepts and principles for ERM for organizations. [...]

[...] By doing so, employees, board of directors, and management are aware of existing problems and how they were handled so that future issues/incidents can be handled in the same or better fashion. In addition to quarterly reports, Western should have regular trainings and seminars, which are part of the control environment component. Communication of information is critical to the success of Western's enterprise risk management. Western must understand that the responsibility lies not only with the board of directors and management, but the employees' participation and commitment are critical to the success of the organization, including risks management. [...]

[...] Additionally, a thorough background check is required for all full-time and part-time employees, including contractors regardless of the duration of the contract. These measures are necessary for limiting risks exposures particularly with illegal access to proprietary and client information. Western Asset currently has established an audit system. Western must have additional control activities in place besides the audit system. Specific activities, electronic or not, should be documented such as transfer of funds, change of customer/client information, and withdrawals. In Western's information technology department, modifications proprietary software or release of versions could only be done on certain schedules. [...]