Policy Formulation in a World of Digital Information Term Paper

Pages: 12 (5010 words)  ·  Bibliography Sources: ≈ 5  ·  File: .docx  ·  Level: College Senior  ·  Topic: Business - Management

Policy Formulation in a world of digital information

Some view involvement in information policy, particularly in the government or public sector, as a means of asserting control over information. Describe the subtle, but important differences between "control of information" and its "management" or "organization."

The dichotomy between the control of information and its pervasive availability is at the center of the debate between the "control of information" and its "management" or "organization." Nowhere is this dichotomy more visible than in the area of compliance, specifically in the mounting tension over the government's many compliance initiatives, which focus more on the control of information than on prescribing how it is managed. Globally, governments are using compliance initiatives to gain greater control over information, and nowhere is this more prevalent than in the dynamics surrounding the Sarbanes-Oxley Act (2002). Many research and advisory firms are tracking the issues, trends, and implications of Sarbanes-Oxley for publicly held corporations in the U.S. AMR Research (2005) has quantified spending on Sarbanes-Oxley for 2006 at $6B: internal labor within companies accounts for 39% of the total, or $2.3B; technology, including software applications and systems, for 32%, or $1.9B; and external consulting for 29%, or $1.8B. Indian outsourcing companies are reporting consistently strong financial results as a result of Sarbanes-Oxley legislation, according to in-country reporting from The Economist (2006).

Fundamentals of Sarbanes-Oxley


When legislators created the Sarbanes-Oxley Act, they were deliberately non-prescriptive in defining the specifics of the Act itself, focusing instead on defining compliance for disclosing financial results and financial performance over time. Sarbanes-Oxley has been successful in enabling higher levels of accountability throughout publicly held companies, mainly as a result of redefining core processes as they relate to financial reporting and the disclosure of events, both positive and negative, that impact a company's financial performance. The Economist (2006) also states that Indian outsourcers are the greatest beneficiaries of Sarbanes-Oxley spending, as U.S.-based companies are often choosing to redefine business processes that are critical to their companies, in addition to attaining Sarbanes-Oxley compliance, through outsourcing. Another research and advisory firm, Gartner (2005), describes the strategy of compliance around Sarbanes-Oxley as arduous: a company must first interpret the business regulations as they apply to its specific circumstances, then understand where the organization currently stands relative to compliance efforts, document a plan to achieve compliance, execute it, and devise measures and controls.

Inherent in Sarbanes-Oxley compliance efforts is the synchronizing of the many databases and data marts that contain financial data. The growth of Enterprise Content Management (ECM) has been a direct response to the need for greater coordination of financial data and for redefining processes to make Sarbanes-Oxley compliance easier to accomplish, including the successful completion of audits by Sarbanes-Oxley auditors.

Columbus and Murphy (2002) found, through a series of research initiatives on the adoption of enterprise content management (ECM), that ECM as a unifying strategy across all content stores had a 5% penetration rate into many organizations. The more balkanized and fragmented the content sources in an organization are, the greater the need for peer-to-peer storage architectures. Columbus and Murphy found that business strategies are driving the need for peer-to-peer integration points across the databases of homegrown, legacy, third-party, best-of-breed, and ERP systems.

Analyzing How Sarbanes-Oxley Is Redefining Processes and IT Spending

By this point, all publicly held companies are well down the path to SOX compliance, as a direct result of the original Section 404 compliance deadlines being very tight. The SEC has since pushed out the deadline for small-company 404 compliance to July 15, 2006. Although this legislation focuses on the disclosure of significant events by C-level executives, the majority of the work falls on database administrators and IT staff.

Four sections of Sarbanes-Oxley affect IT organizations:

Section 302: Corporate Responsibility for Financial Reports. Requires that firms audit, verify, and take corrective action to make sure that their financial data has a high level of accuracy and transactions are ACID-compliant.

Section 404: Management Assessment of Internal Controls. By far the most well-known of the sections in the SOX Act, section 404 calls for support for internal controls that are auditable by a third party. This section gets the most focus because it's pushed most often by accounting firms that sell auditing services. What's most interesting about Section 404 is the fact that liability for reporting accuracy also carries forward to outsourcers who are contracted to complete this work.

Section 409: Real-Time Issuer Disclosures. This section defines how quickly a company has to report a material event to the public, which must be done on a rapid and current basis. Many analyst firms say that the rule is 72 hours or less, and define a material event as any task that has a lasting financial impact on a firm. There is considerable debate today about just what is and isn't a material event, and synchronization between databases is at the heart of reporting material events throughout a company.

Section 802: Criminal Penalties for Altering Documents. Focusing on the requirement to retain records and define policies for archiving data, this section has the hardest impact on IT. What is most interesting about this area of the Act is that it is not prescriptive, just instructive. This is a major difference for any IT team working on SOX compliance: the Act itself doesn't tell you how to do this, only what level needs to be achieved.

Sarbanes-Oxley Audits Are the Big News for 2006

Database administrators in companies that are working to achieve Sarbanes-Oxley compliance are responsible for making their systems, processes, and reports ready for auditors to approve. These SOX audits are what the Securities and Exchange Commission looks at, in addition to the review by a company's own auditors, to ensure that all financial statements and the processes used to produce them are consistent and clear in their results. SOX auditors often find that the underlying processes, not the reports or financial analysis, are what need fine-tuning.

The lessons learned from going through a SOX audit, including the key reasons why companies fail their security and compliance audits, are described below:

Approaches tend to be inconsistent across audits. Some auditors start and stay on documentation, while others drill into logging security and frequency. The bottom line is that documenting processes, just as in the ISO 9000 efforts of the past, is what makes or breaks a good audit. Even when a company gets audited several times, there is no standardized checklist that every auditor goes down to ensure compliance.

Auditors expect documentation of authentication levels, usernames, and passwords. One database administrator found that a schematic showing the interrelationships of applications was very helpful, and further built out the authentication schemes used to validate in-firewall, VPN, and extranet logins.

A common point of failure is inefficient or unused security management on financial systems of record, including lack of support for single sign-on. Further, companies in this category often had their financial systems hacked more than once in a security audit.

Measuring progress toward compliance with your own scorecard is critical. With the typical SOX project costing $4M, it is in your company's best interest to create database performance scorecards to measure compliance progress every quarter before starting en masse reengineering of processes.


The need for archiving and creating auditable workflows has already been causing changes in the best-run IT organizations. In many cases, SOX compliance requirements are forcing system upgrades for greater overall system performance. What is most vexing about all this compliance legislation is its interpretative nature and the confusion over just what constitutes a compliant strategy. The bottom line is that compliance is a corporate-wide strategy.


AMR Research (2005) - SOX Spending for 2006 to Exceed $6B. John Hagerty and Fenella Sirkisoon. Tuesday November 29, 2005. Accessed from the Internet on July 1, 2006:


Columbus and Murphy (2002) - Re-orienting Your Content and Knowledge Management Strategies. AMR Research. Boston, MA. Report and research findings published October 2002. Retrieved April 26, 2005:


Economist (2006) - Virtual champions. Economist Magazine. June 1, 2006. Retrieved from the Internet on July 2, 2006: http://www.economist.com/surveys/PrinterFriendly.cfm?story_id=6969722

Gartner (2005) - Compliance Has Many Faces. Bace, Leskela, Rozwell. Industry Research Brief G00125885. Gartner Group. January 31, 2005.

Hagerty (2006) - Lowering SOX Costs through Scope Reduction. Alert by John Hagerty. AMR Research. Boston, MA. Thursday May 18, 2006. Accessed from the Internet on July 2, 2006:


Sarbanes-Oxley Act (2002) - U.S. Senators Sarbanes and Oxley. Passed in 2002 by both U.S. House of Representatives and U.S. Senate. Text viewed on the Internet on April 24, 2006:


Task 2

What were some projections (promises) of digital democracy that would be enabled by ubiquitous computing and networking? How many of these identified promises have been realized? What promise of digital age democracy has clearly failed? Were these disappointments due to over…


How to Cite "Policy Formulation in a World of Digital Information" Term Paper in a Bibliography:

APA Style

Policy Formulation in a World of Digital Information.  (2006, July 25).  Retrieved October 23, 2020, from https://www.essaytown.com/subjects/paper/policy-formulation-world-digital-information/160285
