We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

Sarbanes-Oxley Compliance in the Brave New World

Originally published March 23, 2005

Not so long ago, Aldous Huxley wrote about the future in the BRAVE NEW WORLD. It seems that at least part of Huxley’s future has arrived and is now the present. Today, we have a higher level of surveillance than we have ever known. There is the surveillance to protect us against terrorism, which we accept as a necessity. But presently, there is also another form of surveillance of which we may be totally unaware.

In the late-1990s and early 2000 time frame, certain corporations were caught inflating their stock prices so that executives could personally profit at the expense of the investor. Prior to this, corporate officers could be held accountable on a civil basis, but rarely were they subject to criminal prosecution. This is no longer the case.

After the passage of Sarbanes-Oxley there are now real teeth in the laws governing corporations. It was always a criminal offense for a corporate executive to use his or her position for personal gain at the expense of the investor under common law fiduciary principles. The passage of Sarbanes Oxley codified these principles into a very actionable tool for prosecutors.

The primary way of enforcing the reporting requirements of Sarbanes-Oxley is through audits. There is a certain irony here. It was the breakdown of the audit function overseeing fiduciary obligations of corporate officers and providing opinions regarding conflicts of interest situations that prompted Sarbanes-Oxley to be enacted in the first place. The improper auditing and misconduct of now defunct accounting firms has brought a bonanza of work to the remaining firms.

When one examines the provisions of Sarbanes-Oxley, it becomes apparent that there are two distinct reporting requirements of the Act—setting up the initial audit and performing an on-going audit on a quarterly basis. Most public companies are just now completing their first post Sarbanes-Oxley audit and perhaps feeling relief from getting through it. What awaits them is the next quarter’s on-going audit. What also awaits them is a surprise when they realize the scope of what is included in the audit.

Consider a classical audit which scrutinizes financial transactions. The classifications, the recording and the accounting of the financial transaction are all a part of the picture being audited. But with the on-going quarterly audit there is a new twist. In order to comply with Sarbanes-Oxley it is necessary to examine the state of the business long before the financial transaction occurred. In many ways, the financial transaction is the pie, and the audit needs to look at how the pie was baked and how the apples were cut up before being put in the pie.

On-going compliance with Sarbanes-Oxley is concerned with many things that happen long before the financial transaction occurs. Sarbanes-Oxley is concerned with important issues such as:

  • Contingent sales;
  • Promises to deliver;
  • Revenue recognition; and
  • The shaping of deals.

In other words, the financial transaction is merely one aspect of a Sarbanes-Oxley audit. The other aspect is the customer and employee expectations that have occurred long before the financial transaction takes place.

How is an audit of activity before the financial transaction takes place going to occur? Well, a good way to look at what is going on before the financial transaction occurs is to look at corporate communications. What are employees saying to customers and prospects?  What are employees saying to other employees? What contracts are being written?

So where does much of the pre-financial activity take place before the transaction is consummated? It lies in e-mails. Pure and simple; e-mails tell the tale of what happens before the transaction is completed. Often, the employees are engaging in a rather informal dialogue among themselves and with the other party, using email to facilitate the transaction. These communications take place well before the final commitment is made.

In most organizations there is this perception by the employee that e-mails are private. In fact, corporate e-mails are not private at all. From a legal standpoint, a corporation has every right to look at and monitor corporate communications within the workplace using the corporation’s communication facilities. This specifically includes e-mail. It is a misperception that corporate e-mails are private. If an employee wishes to have private mail, he or she should do so outside the workplace on a personally owned computer or network.  This will provide privacy from employer scrutiny.  However, if the employee is performing company business or sending corporate communications on a personally-owned computer, these may still be subject to audit scrutiny. 

In a corporate environment—despite any attitude or past common practice—corporate e-mails are fair game. Sarbanes-Oxley compliance includes monitoring these e-mails. Public companies have adopted written policies that alert employees to the limitation of privacy for email and other communications in the workplace. It is a good practice for corporations in general to adopt such policies and advise their employees of these privacy limitations. Just knowing that someone may be watching prevents many misdeeds.

So it is Sarbanes Oxley—a new law of the land—that has ushered in the age of the brave new world. Aldous Huxley would be amazed that it has arrived with such a lack of rancor.

For questions or additional information about Sarbanes-Oxley compliance and automated monitoring of e-mail and other corporate communications, contact me at 760-346-1104 or at binmon@inmondatasystems.com.

  • Bill InmonBill Inmon

    Bill is universally recognized as the father of the data warehouse. He has more than 36 years of database technology management experience and data warehouse design expertise. He has published more than 40 books and 1,000 articles on data warehousing and data management, and his books have been translated into nine languages. He is known globally for his data warehouse development seminars and has been a keynote speaker for many major computing associations.

    Editor's Note: More articles, resources and events are available in Bill's BeyeNETWORK Expert Channel. Be sure to visit today!

Recent articles by Bill Inmon



Want to post a comment? Login or become a member today!

Be the first to comment!