Chapter 1 Review Question No. 7
How does the Sarbanes-Oxley Act of 2002 affect management’s responsibility for internal controls?
The Sarbanes-Oxley Act of 2002 requires the management of public companies to implement an adequate system of internal controls over their financial reporting process, a requirement that followed the discovery of large financial frauds. To increase public confidence in capital markets, management’s responsibilities were extended and codified in Sections 302 and 404 of SOX.
Section 302 requires that corporate management, including the CEO, certify their organization’s internal controls on a quarterly and annual basis. It also provides procedures to identify any material modifications in controls that may impact financial reporting.
Section 404, on the other hand, requires the management of public companies to assess the effectiveness of their organization’s internal controls. It also entails providing annual reports that address several points given by the act.
Chapter 2 Review Question No. 7
What are the three primary CBIS functions that must be separated?
Separating Systems Development from Computer Operations
The two functions are inherently incompatible, since consolidating them encourages errors and fraud. Systems development and maintenance staff should not be allowed to enter data or run applications.
Separating Database Administration from Other Functions
Consolidating database administration with other functions threatens database integrity. Database administration is responsible for database security, assigning database access authority to users, monitoring database usage, and planning for future expansion, so it must be separated from other computer center functions.
Separating New Systems Development from Maintenance
During the development of new systems, the systems analyst works with users to establish a basis for the design specification of the product.