Sarbanes-Oxley and GIS
If the SOX Fit Wear Them!
Sarbanes-Oxley is the most significant change to the federal securities laws in the U.S. since the New Deal (a series of financial, banking and economic laws and policies during the Roosevelt administration of the 1930s). Yet, as a trusty GIS expert, you may not see the relationship between GIS and Sarbanes-Oxley.
Known as SOX or SarBox, the official title of the Sarbnes-Oxley Act is Public Company Accounting Reform and Investor Protection Act of 2002. I prefer SOX. The law attempts to close the proverbial barn door in the wake of the funny accounting practices of Enron, Arthur Andersen, WorldCom, HealthSouth and a few others. In short, it requires a CEO and CFO to sign on the dotted line that they understand the financial statements of their company and that sufficient internal controls are in place
On the surface, the law makes a good deal of sense. It mandates that fundamental solid financial controls are in place and that those at the top know what is going on. But, as with most federal law, it is subject to interpretation and re-interpretation. Unfortunately, the very people who are doing the certification (your friendly CPA) are also doing the interpretation.
For publicly traded companies only?
The law was written to give the Securities Exchange Commission a loaded gun to hold to the heads of CEO's who claim they didn't know anything about the phony books. Thus it technically affects only publicly traded companies of a certain size and number of shareholders. Wanna bet?
While the publicly traded companies are required to be compliant, we are already seeing CPA firms tightening the reign on privately held companies. Who wants to certify the books of a company that has no internal controls? My guess is that within a few years state and local government will be held to the same or similar standards
Where Does GIS Fit In?
In its simplest definition, GIS relates an asset or an event to a location. I know that, you know that. I am also fairly well versed in the requirements of SOX. Yet, I never saw the relationship between SOX and GIS until I had a conversation with Mark Pretnar of Computer Technology Solutions, Inc. (CTS) (http://www.askcts.com), a professional software engineering firm.
We were discussing PRISM™ (Property Record Information System Manager), a system originally developed by CTS for Alabama Power. In short, PRISM links a utility’s GIS with its assets and property records. The underlying technology automates the extraction of attribute data and the creation of digital imagery repository. It is creating, then linking attribute data, not an image of a deed or other property record.
So what about SOX? Out of the blue, Mark said “it is an important tool for SOX compliance.”
I did not get it until he added “Under SOX, you have to prove that you actually own the assets that are on your balance sheet.” Duh! Of course you do. Unfortunately, in many organizations, the folks working on GIS do not understand SOX, and the folks working on SOX, do not understand GIS. If GIS is not involved in the SOX compliance process, then a company could be looking at one set of its assets while reporting another. SOX has tough penalties for that kind of sloppiness.
Under section 404 of the act, your auditors must attest to the soundness of your internal controls. That means that any IT system that touches financial data must be well documented, secure and accurately record, store, report and maintain the data. To fulfill these requirements, you will need both a well structured and coordinated process, and a framework for project management, record storage and retention, and document management. If GIS is maintaining data on assets such as infrasturcture, it falls under SOX compliance regulations.
Is Mark on the Mark?
So, is Mark right? Does GIS have a role in helping a company be compliant under Sarbanes-Oxley? Let us know by voting in this simple pole.
![](\"http://ws-na.amazon-adsystem.com/s/noscript?tag=theharlowrepo-20\")
