J-SOX, the Japanese version of the Sarbanes-Oxley Act: a simple comparison


The Sarbanes-Oxley Act was enacted in July 2002, and since then many regional versions have been released in an effort to comply with this standard. One of these versions is J-SOX, the Japanese version of the Sarbanes-Oxley Act; other versions, such as European SOX, also deserve a mention.

The big difference:
The big difference between SOX and J-SOX is that J-SOX is wider than SOX, in these areas:

Corporate objectives in the Japanese framework
- Effectiveness and efficiency of operations;
- Reliability of financial reports;
- Compliance with laws and regulations relating to business activities;
- Preservation of assets

Basic elements in the Japanese framework
- Control environment
- Risk assessments and responses
- Control activities
- Information and communication
- Monitoring
- IT support

The similarity
Driver:
- Japan 2006: Livedoor, an Internet service provider based in Tokyo, was accused of fraud
- US 2002: Accounting scandal by leading public accounting firms such as Arthur Andersen and Enron.

Any opinions?  Suggestions? Successful JSOX implementations?
 


Related Content

5 reasons why implementing the Sarbanes-Oxley Act is very, very difficult.

For the last two years, I have been working with Sarbanes-Oxley section 404, especially in IT general controls. I have been working both on designing Risk Control Matrices (RCM) and on performing tests of the controls. After a hundred hours of discussion with auditees and a hundred days of never-ending meetings or document checking, I have concluded that implementing SOX is very, very difficult and sometimes not effective. Here are the reasons:

1. Multi-interpretation statements
IT Auditee: "Your significance level is different from mine"
SOX Auditor: "My interpretation in this matter is more specific than yours"
IT Auditee: "I understand, but here this process could not be performed"

SOX RCM guidance is open to multiple interpretations. If you hire a person from ABC audit firm to help you design the RCM, and then a year later hire someone from DEF audit firm, I'm definitely sure that the result will be different. Does it mean that the guy from ABC audit firm is smarter? No, this is a multi-interpretation statement.

Just take a look at this: the list of significant applications. The rule is simple: every application that impacts the financial statement. But how can this be explained in more detail? Are firewalls and routers included as significant applications? Will a gateway application which passes the data without any parameter be included? Or a simple one: is a big, integrated module considered an application or not? What if the vendors who develop the module are different from the core vendor?

I'm definitely sure that a lot of questions come up when designing a SOX RCM. Trust me, the multi-interpretation statement is a major source of never-ending meetings.

Asia Good Corporate Governance Ranking 2008

"...Corporate governance can therefore be defined as: a set of rules that define the relationship between shareholders, managers, creditors, the government, employees and other internal and external stakeholders in respect to their rights and responsibilities, or the system by which companies are directed and controlled.."
Cadbury Committee of United Kingdom

International principles for corporate governance are emerging. These principles cover:

1. The rights of shareholders, who should be timely and properly informed about the company, who should be able to participate in decisions concerning fundamental corporate changes, and who should share in the profits of the company;

2. Equitable treatment of shareholders, especially minority and foreign shareholders, with full disclosure of material information and prohibition of abusive self-dealing and insider trading;
