Government compliance does not have to be a daunting task. However, it's best to address your company's compliance with laws and regulations methodically, through careful analysis and planning. Compliance requires that each organization evaluate its internal controls and demonstrate effectiveness through proper fiscal reporting.
SAM can help you achieve and demonstrate compliance with laws and regulations that require strict standards of IT governance and controls. With a fully implemented SAM plan in place, your company will have a thorough, up-to-date record of all of its software assets and licenses, as well as streamlined and carefully controlled internal processes.
SAM can help you navigate safely through the complexities of laws that regulate corporate governance and other business affairs, including:
Sarbanes-Oxley Act (United States)
Passed into law in the United States in July 2002, the Sarbanes-Oxley Act is the most important legislation affecting corporate governance, financial disclosure, and public accounting to come about in the country since the securities laws of the 1930s. The Act came in response to corporate accounting scandals starting in the late 1990s. It was designed to prevent future incidents and restore the faith of investors.
Named for its chief architects, Senator Paul Sarbanes and Representative Michael Oxley, the Act introduced sweeping reforms for auditors, board members, and issuers of publicly traded securities. The Act applies to all companies that are required to file reports with the U.S. Securities and Exchange Commission and puts into effect mandatory deadlines for compliance.
Sarbanes-Oxley requires company executives and external auditors to certify and sign off on "internal controls" that ensure accurate fiscal reporting. Internal controls are defined as the processes—put into motion by a company's board of directors, management, and other personnel—that help the company achieve specific objectives. These objectives include:
Effective and efficient operations
Reliable financial reporting
Compliance with applicable laws and regulations
The Act requires CEOs and CFOs to provide sworn statements attesting to the accuracy of their filings, and extends potential criminal liability to the heads of all publicly traded companies that fail to provide such certification.
Some argue that Sarbanes-Oxley is primarily focused on proper finance and, as such, has little to do with the IT department. Not so. Staying within the bounds of Sarbanes-Oxley requires financial information to be accurate, up to date, and completely verifiable. Ultimately, it's the IT department and its systems that are responsible for generating, supporting, and maintaining that information. Going further, those same systems will ensure the validity and availability of that data. That's where SAM comes in. SAM works in conjunction with these existing strategies:
Committee of Sponsoring Organizations of the Treadway Commission (COSO): Recognized as the leading framework for Sarbanes-Oxley, COSO is used primarily in risk management; it establishes internal controls that help companies ensure reliable financial reporting. These controls help companies comply with laws and regulations, while at the same time preventing loss and achieving proper performance targets.
Control Objectives for Information and Related Technology (COBIT): COBIT examines current internal process controls, measures them against new and improved ones, and develops a strategy for implementing them. It creates a way of linking IT resources and information to your company's strategies and objectives. The result is a new framework of company standards or "good practices."
Sarbanes-Oxley is an example of government compliance, or good governance, required in the United States specifically, yet it also shows both the need for SAM and its ability to help provide compliance with the laws of all countries.
Bill 198 (Canada)
Canada has enacted its own solution to governance and financial reporting requirements, known as Bill 198 (also known as Multilateral Instrument MI 52-109). Bill 198 is an Ontario legislative bill effective April 7, 2003. Sometimes called the "Canadian Sarbanes and Oxley" Act or C-SOX, it provides for regulation of securities issued in the province of Ontario.
Bill 198 legislation touched on many different aspects of government operation—provisions include measures for corporate disclosure, auto insurance, and taxes. Thus, only a small portion of Bill 198 was relevant to U.S. Sarbanes-Oxley Act issues. However, the legislation is perhaps best known for clauses that provide equivalent legislation to Sarbanes-Oxley to protect investors by improving the accuracy and reliability of corporate disclosures.
Although Bill 198 (like Sarbanes-Oxley) does not directly address IT controls, the law has significant IT and information security implications because most companies’ financial reporting and operations depend heavily on information technology.
Financial Instruments and Exchange Law (Japan)
The Financial Instruments and Exchange Law is considered the Japanese version of Sarbanes-Oxley and is often referred to as J-SOX. Enacted in Japan in June 2006, it is the main statute codifying securities law and regulating securities companies in Japan. The law introduces strict rules for the internal control of financial reporting to protect investors by improving the accuracy and reliability of corporate disclosures.
In addition to providing for internal controls in public companies, the law also provides for:
Registration and regulation of broker dealers and their registered representatives.
Disclosure obligations applicable to public companies, investment trusts, and similar entities.
Tender offer rules.
Disclosure obligations applicable to large shareholders in public companies.
How SAM can help
Used in conjunction with other IT governance models, SAM can ensure your company's compliance by helping you:
Streamline your IT and purchasing departments.
Establish and maintain a thorough and secure library of your software assets and licenses.
Keep tight control over your vendor accounts and maintenance contracts.
When it comes to government compliance, a good SAM plan makes good business sense.