Sarbanes-Oxley Guide for Finance and Information Technology Professionals ^{2nd Ed.}

Sarbanes-Oxley and its international variants are here to stay.

Are you prepared for this new business reality?

Changing the landscape of corporate governance, financial disclosure, and the practice of public accounting, the Sarbanes-Oxley Act (SOX) can be confusing and complex for professionals and executives who must take legal responsibility for their actions, errors, and omissions. One of the most comprehensive, authoritative guides to getting your organization Sarbanes-Oxley-compliant, the new, improved, and expanded Second Edition of Sarbanes-Oxley Guide for Finance and Information Technology Professionals provides a valuable reference for finance and information technology (IT) professionals such as CFOs, CIOs, controllers, auditors, executives, and consultants who are involved in Sarbanes-Oxley-related compliance projects.

With practical, workable advice that every finance and information technology professional must have at their fingertips, the Second Edition covers issues from scope and assessment of SOX to records and information assets management to corporate communication to integrating IT—everything that will be analyzed and optimized in order to meet the compliance and reporting standards demanded by this legislation and investors.

Valuable appendices provide the frameworks and methodologies that get you jumpstarted in your SOX initiatives or help you streamline a SOX project that is already underway.

Written by Sanjay Anand, one of the world's leading corporate governance, risk management, and regulatory compliance experts, the Second Edition features:

• Key aspects and important components of the Sarbanes-Oxley Act
• A methodology to achieve SOX compliancy for your company
• A road map to compliance, including checklists, worksheets, and project plans
• The business and technology implications and resource requirements for compliance
• The future of SOX and its impact on corporate America and the world

• PART I: Sarbanes-Oxley For The Finance Professional.
• CHAPTER 1: Scope and Assessment of the Act.
• Integrity.
• Independence.
• Proper Oversight.
• Accountability.
• Strong Internal Controls.
• Transparency.
• Deterrence.
• Corporate Process Management.
• CHAPTER 2: Internal Controls.
• Components of Internal Control.
• Purpose of Internal Control.
• Developing an Internal Control System.
• CHAPTER 3: Control Environment.
• Risk Assessment.
• Information and Communication.
• Monitoring.
• CHAPTER 4: Material Weaknesses.
• Specific Internal Controls to Evaluate.
• Disclosure Committee.
• CHAPTER 5: Implementing Sarbanes-Oxley: What Does Compliance Look Like?
• Time Line.
• Checklists.
• Reporting, Documentation, and Archiving.
• Disclosure.
• CHAPTER 6: Technology Implications.
• Storage Systems.
• IT Solutions.
• Changes in IT Management.
• CHAPTER 7: Sarbanes-Oxley–Related Bodies.
• Public Company Accounting Oversight Board.
• Committee of Sponsoring Organizations.
• Securities and Exchange Commission.
• Financial Accounting Standards Board.
• CHAPTER 8: Opportunities and Challenges Created by Sarbanes-Oxley.
• Opportunities.
• Challenges.
• CHAPTER 9: Summary for the CFO.
• Changes to Corporate Governance.
• Catalyst for Improvement.
• PART II: Sarbanes-Oxley For The IT Professional.
• CHAPTER 10: Impact of Sarbanes-Oxley.
• Impact on the Enterprise, the CEO, and the CFO.
• Impact of Sarbanes-Oxley on Corporate Management Systems.
• Impact of Sarbanes-Oxley on the Technology Infrastructure.
• CHAPTER 11: Technologies Affected by Sarbanes-Oxley: From Sarbanes-Oxley to SOCKET.
• Separate Vendor Hype from Reality.
• Sarbanes-Oxley Compliance as an IT Project.
• Perspective on Sarbanes-Oxley Goals.
• Steps for Sarbanes-Oxley Compliance.
• Sarbanes-Oxley and The SEC.
• CHAPTER 12: Enterprise Technology Ecosystem.
• Organic IT Architecture.
• Ecosystem and Sarbanes-Oxley.
• CHAPTER 13: Implementing the SOCKET Methodology.
• Species or Components of the Enterprise Technology Ecosystem.
• COSO Framework.
• SOCKET Technologies.
• Transactional Systems: ERP, SCM, CRM.
• Analytical and Reporting Systems.
• Data Warehousing.
• CHAPTER 14: SOCKET and Enterprise Information Management.
• Document Management and Sarbanes-Oxley.
• Document Security.
• Communication and Networking.
• CHAPTER 15: The Process.
• Introduction to the Process.
• Strategic (Top-Down) Approach.
• Tactical (Bottom-Up) Approach.
• Monitoring the Audit Team.
• Implementation Process: Reengineering for Sarbanes-Oxley Compliance.
• Beyond Sarbanes-Oxley: From SOCKET to Success Ecosystem.
• Conclusions.
• APPENDIX A Sarbanes-Oxley Implementation Plan: Developing an Internal Control System for Compliance (Focusing on Sections 302 and 404).
• APPENDIX B Project to Process: Making the House a Home.
• APPENDIX C Enterprise Project Management and the Sarbanes-Oxley Compliance Project.
• APPENDIX D Enterprise Risk Management—Integrated Framework.
• APPENDIX E COBIT 3—Executive Summary.
• APPENDIX F COBIT 4—Executive Summary.

Promises more than it can deliver.

There is a token part of the book, that gives a very high level overview of what SOX may mean for a Financial department. But it is so high level, that the author may as well talk about any financial regulation. The second part (the IT part), claims that the only way to get success with a SIX-project is if it is treated as a lone IT-project… In short, the opposite of what most practitioner preaches!

You get the distinct feeling in the second part that the authors main goal is to sell his companies expertise in SOX analysis, implementation and management, and not to get you to understand something that may be useful to you.

With that said, the book is not pure rubbish, and there are some gems in it. And it is fairly easy to read, even if there is not that much information contained in it.