Passed into law in July 2002, the Sarbanes-Oxley Act is the most important legislation affecting corporate governance, financial disclosure and public accounting to come about since the U.S. securities laws of the 1930s. The Act came in response to the corporate accounting scandals of the late '90s and into the new millennium, and was designed to prevent future incidents and restore the faith of investors.
Named for its chief architects, Senator Paul Sarbanes and Representative Michael Oxley, the Act introduced sweeping reforms for auditors, board members and issuers of publicly traded securities. The Act applies to all companies that are required to file reports with the Securities and Exchange Commission, and it put into effect mandatory deadlines for compliance.
In essence, Sarbanes-Oxley requires company executives and external auditors to certify and sign off on "internal controls" that ensure accurate fiscal reporting. Internal controls are defined as the processes, put into motion by a company's board of directors, management and other personnel, which provide for the achievement of specific objectives including:
Prior to the Act's formal passage, the SEC notified more than 900 of the top U.S. companies that their CEOs and CFOs would need to provide sworn statements attesting to the accuracy of their filings. Going further, the Act extended potential criminal liability to the heads of all publicly traded companies that failed to provide such certification.
Some argue that Sarbanes-Oxley is primarily focused on proper finance and, as such, has little to do with the IT department. Not so. Staying within the bounds of Sarbanes-Oxley requires that all financial information be accurate, up to date and completely verifiable. Ultimately, it's the IT department and its systems that are responsible for generating, supporting and maintaining that information. Going further, those same systems will ensure the validity and availability of that data. That's where Software Asset Management (SAM) comes in.
Getting compliant with Sarbanes-Oxley and staying there demands that organizations evaluate their internal controls and demonstrate their effectiveness through proper fiscal reporting. SAM works in conjunction with existing strategies such as COSO and COBIT to help meet the tough new standards of Sarbanes-Oxley.
COSO, which stands for "The Committee of Sponsoring Organizations of the Treadway Commission," is recognized as the leading framework for Sarbanes-Oxley. Used primarily in risk management, COSO establishes internal controls that help companies ensure reliable financial reporting. These controls help companies comply with laws and regulations, such as Sarbanes-Oxley, while at the same time preventing loss and achieving proper performance targets.
"Control Objectives for Information and related Technology," or COBIT, examines current internal process controls, measures them against new and improved ones and develops a strategy for implementing them. COBIT creates a way of linking IT resources and information to your company's strategies and objectives. The result is a new framework of company standards or "good practices."
Used in conjunction with these IT governance models, SAM can help keep your company compliant and within the new responsibilities outlined in Sarbanes-Oxley. SAM streamlines your IT and purchasing departments, establishes and maintains a thorough and secure library of your software assets and licenses, and keeps tight control over your vendor accounts and maintenance contracts. A proper SAM plan makes good business sense and keeps your organization within the bounds of the law and one step ahead of your competition.
