Lab 1 Assessment Questions
1. What section of the SOX compliance law requires proper controls, and hence security controls, to ensure the confidentiality and integrity of financial information and recordkeeping within an IT infrastructure? Explain the information contained in this section.
Section 404. This means that IT needs to provide assurance that this data cannot be altered by unauthorized individuals, cannot be viewed by unauthorized individuals, and is available when needed by authorized individuals. It also ensures that any material changes to IT infrastructure that touch this data are documented and reported immediately to management.
2. Who is Richard Scrushy and why is he relevant to SOX?
Richard Scrushy, owner and founder of HealthSouth Corp., was the first CEO charged with violating the Sarbanes-Oxley Act.
3. Who, under SOX, is legally accountable for certifying and approving the integrity of the company and its financial reporting to the SEC and other financial organizations?
The CEO and CFO of the company.
4. What is the difference between a Form 10-K and a Form 10-Q, and who must submit these to the Securities and Exchange Commission (SEC) for publicly traded company financial reporting?
Form 10-K is for reporting annual results; Form 10-Q is for reporting quarterly results. They are submitted by the CEO or CFO.
5. What qualifies as a "large accelerated filer," and how long after the end of the quarter do they have to file their quarterly financial report?
Companies with a public float of $700 million or more. Deadline of 40 days.
6. Where would someone go in order to find the quarterly and annual reports for a publicly traded company?
The SEC EDGAR database.
7. Go into the EDGAR database and find the most recent 10-K and 10-Q for Microsoft, Nike, and Cisco. Who signed off on the 10-K for each of those companies?
Microsoft - Frank H. Brod; Nike - Mark G. Parker; Cisco - John T. Chambers
8. What are some of the criminal penalties for falsifying documents or covering up information related to financial...