Scribd
Upload
71 views

Governance Analysis Using Ea: Responsibilities Imposed by Sarbanes-Oxley

This document discusses using enterprise architecture (EA) to analyze governance and meet responsibilities imposed by the Sarbanes-Oxley Act of 2002 (SOX). It describes SOX requirements for company directors and officers to ensure accountability over financial reporting. An enterprise architecture approach using a governance analysis framework (GAF) based on the Zachman Framework can help answer key internal control questions about data, processes, locations, business units, events, and plans. The GAF represents relationships between these concepts as matrices to demonstrate SOX compliance for internal controls.

Uploaded by

Taseer Ghazi
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
71 views

Governance Analysis Using Ea: Responsibilities Imposed by Sarbanes-Oxley

This document discusses using enterprise architecture (EA) to analyze governance and meet responsibilities imposed by the Sarbanes-Oxley Act of 2002 (SOX). It describes SOX requirements for company directors and officers to ensure accountability over financial reporting. An enterprise architecture approach using a governance analysis framework (GAF) based on the Zachman Framework can help answer key internal control questions about data, processes, locations, business units, events, and plans. The GAF represents relationships between these concepts as matrices to demonstrate SOX compliance for internal controls.

Uploaded by

Taseer Ghazi
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 10

GOVERNANCE

ANALYSIS USING EA
RESPONSIBILITIES IMPOSED BY SARBANES-OXLEY
WHAT IS GOVERNANCE?
• Relates to consistent management ,Policies , guidance, processes and decision rights for
given area of responsibility.
SURBANES-OXLEY

• Surbanes-oxley act of 2002


• Named as company accounting reform and investor protection.
• Most important goals of the act is to ensure that company directors and officers are
aware and accountable for the financial condition of the company they manage.
• Also called Sar-Ox or SOX.
TYPICAL INTERNAL CONTROL QUESTIONS

• For complete satisfaction that internal controls have not only been implemented, but also
work in practice throughout the enterprise, senior managers need to show that answers
are available for management and audit questions to determine SOX compliance.
• These relate to key resources that are needed, such as data, business activities and
processes, locations, people or business units, and events
TYPICAL INTERNAL CONTROL QUESTIONS
• For data
• For processes
• For locations
• For business units or people
• For business events
• For business plans
MANAGING INTERNAL CONTROLS USING ENTERPRISE
ARCHITECTURE

• These are simple internal control questions:


• What
• How
• Where
• Who
• When
• Why
GOVERNANCE ANALYSIS FRAMEWORK
• The Zachman framework provides a way to cut through the complexity of today’s
enterprises and document the relationships that exist between each column for each
row
• These relationships are illustrated as matrices
GOVERNANCE ANALYSIS FRAMEWORK (GAF) FOR
SARBANES-OXLEY

• Data matrices: data to processes, data to locations, data to people or business units;
data to events; data to business plans
• Process matrices: processes to data, processes to locations, processes to business
units; processes to events; processes to business plans
• Location matrices: locations to data, locations to processes, locations to people or
business units, locations to events, locations to business plans.
CONT’D…
• People or business unit matrices: people or business units to data, people or
business units to processes, people or business units to locations, people or business
units to events; people or business units to business plans.
• Business event matrices: business events to data, events to processes, events to
locations, events to people or business units, business events to business plans.
CONT’D…

• Business plan matrices: business plans to data, business plans to processes, business
plans to locations, business plans to people or business units, business plans to business
events.

• When senior managers use governance analysis framework matrices as described here,
they are able to demonstrate that they have a powerful management tool for internal
control reporting as required by the Sarbanes-Oxley Act of 2002.

You might also like