Printer Friendly
The Free Library
4,631,493 articles and books
Member login
User name  
Password 
 
Join us Forgot password?

SOX education: though not required to do so, universities that comply with Sarbanes-Oxley Act provisions on internal controls will reap the rewards.


The Sarbanes-Oxley Act See SOX.  (SOX (1) (Schema for Object-oriented XML) An XML schema developed by Veo Systems and Muzino Communications, which was submitted to the W3C. SOX is based on DTD, but adds data typing and reuse mechanisms. ) of 2002 brought about sweeping changes for corporate America. In an effort to restore the integrity of the markets, rebuild the faith of investors, and create a new way of doing business, the federal government is asking U.S. corporations to go back to square one and review the intricacies of their financial reporting and control practices, and ensure they're preparing financial statements and recording transactions in an accurate, fair, and ethical manner. Among the many requirements needed to achieve compliance are internal control "certifications" issued by management pursuant to SOX rules 302 and 404.

White not-for-profit organizations aren't currently required to issue financial reporting and control certifications, many are assessing the costs, risks, and benefits of doing so. Without a mandatory compliance deadline, not-for-profit organizations can structure their control assessment activities over more than one fiscal period and work toward a state of certification readiness in a Less compressed time frame than that faced by corporations.

Despite the tack of a directive, higher educational institutions have much to gain from voluntary compliance with rules 302 and 404. A university that does so can significantly improve its competitive position with rating agencies, donors, tenders, and government funders. Voluntary compliance can reinforce strong board governance, strengthen management practices, and inevitably strengthen a university's reputation.

However, there is a downside Downside

The dollar amount by which the market or a stock has the potential to fall.

Notes:
You might hear someone say that the downside on stock XYZ is $10. What that means is that the stock could fall by this amount if things got bad.  to publicly issuing certifications by management on the design and effectiveness of controls if a sound process has not been followed by management in its assessment of the adequacy of the control structure for financial reporting and compliance. In order to both mitigate mit·i·gate
v.
To moderate in force or intensity.


miti·gation n.  this risk and to help manage the cost of compliance, a thoughtful, proven approach to control assessment and documentation is necessary.

A ROAD MAP TO ASSESSING CONTROL RISK

Because corporate America has already gone through the first rounds of SOX readiness and testing, universities that begin the process today can benefit from the Lessons teamed by their corporate brethren. University management will also find that, despite the hype hype 1   Slang
n.
1. Excessive publicity and the ensuing commotion: the hype surrounding the murder trial.

2. , the process is not unmanageable. After all, controls are nothing more than actions designed to reduce risk. And well-managed risk is a sign of a weft-run organization.

By beginning the process slowly, perhaps tackling one or two of the most challenging processes the first year and additional processes the next, a university can gain insights into its control "orientation" and can modify its processes before the entire control structure has been documented and assessed.

A university can begin assessing the adequacy and documentation of its internal controls by identifying the processes that are either the most problematic, present the most compliance risk, or that have the most significant impact throughout the organization. Once the university has identified the business processes to be addressed, the control structure must be considered across all the departments and functions that impact those business processes. Every department that carries out parts of the identified business processes also impacts the control structure that drives accurate financial reporting and compliance management. Consequently, it is important to pre-identify business tasks within the business process and map these tasks to the related financial reporting and compliance risks, the associated control objectives, and ultimately to the various control procedures being performed.

This approach allows tracking of control activities performed by staff in various departments to the risks being mitigated mit·i·gate  
v. mit·i·gat·ed, mit·i·gat·ing, mit·i·gates

v.tr.
To moderate (a quality or condition) in force or intensity; alleviate. See Synonyms at relieve.

v.intr.
To become milder. . It also allows management to gain an institution-wide view of the control design. This view supports a dearer assessment of the adequacy of controls, gaps in the control design, and redundant control activities. The process may also reveal where a university can make its business processes more efficient.

University activities, such as Student Financial Services The examples and perspective in this article or section may not represent a worldwide view of the subject.
Please [ improve this article] or discuss the issue on the talk page. , often span multiple institutional boundaries (finance, accounting, academic, and administrative departments) and the processes can quickly become fragmented frag·ment  
n.
1. A small part broken off or detached.

2. An incomplete or isolated portion; a bit: overheard fragments of their conversation; extant fragments of an old manuscript.

3. .

As processes and their control objectives are committed to paper, risks become apparent, as does the tack of consistent written control procedures. Many universities have tremendous oral histories of their control procedures but inconsistent approaches to documenting these procedures across the various departments. Furthermore, many inconsistencies in controls are the result of old, unresolved Not completed; not finished; not linked together. See resolve.  governance, business process, and technology issues. By putting these Lingering lin·ger  
v. lin·gered, lin·ger·ing, lin·gers

v.intr.
1. To be slow in leaving, especially out of reluctance; tarry. See Synonyms at stay1.

2.  problems in writing, they become more obvious, and solutions become more tangible.

As financial reporting and compliance risks and the related control procedures are documented, the university can reassess reassess
Verb

to reconsider the value or importance of

reassessment n

Verb 1. reassess - revise or renew one's assessment
reevaluate  the Linkages between computer and manual controls and whether efficiencies can be achieved by redesigning certain control activities.

Next, the university should determine whether its control procedures are preventive or detective controls. This perspective allows management to decide if the balance between preventive and detective controls is appropriate for the circumstances. Many universities find their control designs are primarily detective in nature, which is more labor intensive Labor Intensive

A process or industry that requires large amounts of human effort to produce goods.

Notes:
A good example is the hospitality industry (hotels, restaurants, etc), they are considered to be very people-oriented.
See also: Capital Intensive, Trading Dollars  and fails to prevent problems from occurring. Culturally, the emphasis on detective controls may be driven by the fact that initiators of transactions or the primary reviewers of third-party financial data may not be financial analysts, accountants, or finance professionals. Many departments in a university that conduct business tasks are primarily focused on academic and research activities or students and donors. The staff's core competencies A core competency is something that a firm can do well and that meets the following three conditions specified by Hamel and Prahalad (1990):
  1. It provides customer benefits
  2. It is hard for competitors to imitate
  3. It can be leveraged widely to many products and markets.
 may not add to effective preventive controls. As the university weighs preventive versus detective controls, it may need to consider redeploying human resources The fancy word for "people." The human resources department within an organization, years ago known as the "personnel department," manages the administrative aspects of the employees.  in order to bring the equation into balance.

DEVELOP A GAME PLAN FOR CERTIFICATIONS

Working toward SOX compliance can serve to increase the board's Level of awareness on business processes and the complexities of the control design. It can also facilitate implementing the changes in controls and business practices that have been identified in the control assessment.

The 302 and 404 certifications can also drive a greater awareness on the part of all levels of management of the role they carry in the control design and execution. Their personal knowledge that those controls have functioned effectively during the year is essential To that end, many universities require "management sign-offs" on controls from various departmental, academic, and administrative personnel.

If a university begins with reasonable steps, a game plan, knowledge of what it is trying to track, and good templates and tools, it will, over time, build more efficient and effective business structures. And, white better business practices--not compliance--are the ultimate end goat, should SOX compliance become mandatory, the university will be well positioned to meet the requirements.

Strategies for Success

Some universities have recently begun working toward SOX compliance by documenting controls. However, the starting point Noun 1. starting point - earliest limiting point
terminus a quo

commencement, get-go, offset, outset, showtime, starting time, beginning, start, kickoff, first - the time at which something is supposed to begin; "they got an early start"; "she knew from the  was not a high-level assessment of financial reporting and compliance risks and the associated control objectives needed to mitigate these risks. The documentation process, undertaken solely for the purpose of documenting the "what is," soon becomes an exercise that does not produce actionable Giving sufficient legal grounds for a lawsuit; giving rise to a Cause of Action.

An act, event, or occurrence is said to be actionable when there are legal grounds for basing a lawsuit on it.  next steps. If the starting point instead was committing each business process to paper (or into an online controls template (1) A pre-designed document or data file formatted for common purposes such as a fax, invoice or business letter. If the document contains an automated process, such as a word processing macro or spreadsheet formula, then the programming is already written and embedded in the ) and identifying the financial reporting and compliance risks and related control objectives, the subsequent mapping to specific control procedures would have met with greater success.

Mary Foster, a partner with Deloitte & Touche, LLP LLP - Lower Layer Protocol , leads the firm's Higher Education higher education

Study beyond the level of secondary education. Institutions of higher education include not only colleges and universities but also professional schools in such fields as law, theology, medicine, business, music, and art.  and Not-for-Profit practice.
COPYRIGHT 2004 Professional Media Group LLC
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2004, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Viewpoint
Author:Foster, Mary
Publication:University Business
Date:Dec 1, 2004
Words:1173
Previous Article:Shut the door on your way out.(Editor's Note)
Next Article:Butler University gets personal with PeopleSoft Enterprise Campus Solutions: 'by moving business processes to the Web, we've removed barriers to...



Related Articles
Publication of the May 2003 update to the Commercial Bank Examination Manual.(Announcements)
Compliance.(technology tools)(Brief Article)
PCAOB issues internal control standards ED.(financial Reporting)(Brief Article)
Defining moment for good governance: research from both Financial Executives Research Foundation and Robert Half international find that...
Profession gains appeal due to greater demand.(Accounting: coping with Sarbanes-Oxley)
Why should private companies implement Sarbanes-Oxley? While public companies must comply with provisions of the Sarbanes-Oxley Act, that's not the...
Under the gun: Sarbanes-Oxley compliance requires significantly more investment than public insurers anticipated. Now mutuals may have to comply as...
Private companies should adopt Sarbanes-Oxley.(Sarbanes-Oxley Act of 2002 passed by Congress)(Advertisement)
The Sarbanes-Oxley Act and your company's growth.(CORPORATE: Expansion & Relocation)
The sky isn't falling fear of SOX is waning.(SPECIAL REPORT)(Sarbanes-Oxley Act of 2002)

Terms of use | Copyright © 2008 Farlex, Inc. | Feedback | For webmasters | Submit articles