Sarbanes-Oxley Act Compliance: Some IT Implications

To address corporate fraud in the wake of the Enron scandal, the Sarbanes-Oxley Act (2002) implements new reporting requirements for firms listed on US stock exchanges, including Canadian firms and Canadian subsidiaries of US public companies. For financial years ending after June 15, 2004, Section 404 of the Act will require management and external auditors to certify in the financial reports that procedures are in place to ensure the accuracy of transaction reporting.   Tracking internal responsibility for contract details is expected to be a keystone in this process.   According to cio.com, an online trade magazine, Chief Information Officers are expected to be responsible for maintaining this data and should already be addressing the following issues:

• are transactions effectively documented in the financial management software;
• are policies and procedures in place to maintain the security and integrity of this documentation;
• are asset management policies documented and adhered to;
• do old policies and data, or policies and data acquired by consolidation with another company comply with current policies; and
• are outsourced operations being properly accounted for.

For Canadian corporations reporting in the US and Canadian subsidiaries, the same issues must be addressed.  Itbusiness.ca views submitting to the requirements of the Act as an opportunity to improve internal IT management generally, and possibly as a head start on compliance with new multilateral instruments to be administered by the Ontario Securities Commission (OSC).   Notice of these instruments affecting Audit Oversight (52-108), Certification of Disclosure in Companies' Annual Filing and Interim Filings (52-109), and Audit Committees (52-110) was posted by the OSC on June 27, 2003, and interested parties are given until September 25, 2003 to respond. For the Sarbanes-Oxley Act (2002), visit: http://makeashorterlink.com/?J11F23195. For a brief US analysis, see: http://www2.cio.com/analyst/report1537.html. For an article on perceived Canadian implications, visit: http://www.itbusiness.ca/index.asp?theaction=61&sid=52942. For the notice of request for comments by the Ontario Securities Commission on Multilateral Instruments 52-108 (Auditor Oversight), 52-109 (Certification of Disclosure in Companies' Annual Filing and Interim Filings) and 52-110 (Audit Committees), see: http://www.osc.gov.on.ca/en/HotTopics/prom_inv_conf.html#expanded. Summary by:   Nicholas J. Whalen If you have questions on how to manage contracts and data to comply with these new reporting requirements, contact Amy-Lynne Williams (awilliams@dww.com) or Nick Whalen (nwhalen@dww.com).