Análisis del impacto de la adecuación de los procesos de tecnología de la información operativa a los requisitos de la ley Sarbanes-Oxley en una empresa financiera

Autores/as

DOI:

https://doi.org/10.33448/rsd-v10i1.11374

Palabras clave:

Ley Sarbanes-Oxley; SOX; Gobierno corporativo; Gobierno de tecnologías de la información; Rama financiera.

Resumen

En la década de 1990, algunas empresas estadounidenses que cotizan en bolsa defraudaron sus resultados financieros, creando una imagen de estabilidad irreal. Esta situación afectó el grado de confianza de los inversores, creando la Ley Sarbanes-Oxley (SOX), que obligó a las empresas a adecuar sus procesos, incluidos los de Tecnologías de la Información (TI), a las normas de dicha ley. El objetivo de este trabajo fue analizar el impacto causado a los procesos operativos de TI con su adecuación a los requerimientos de SOX en una empresa del sector financiero. Este objetivo se persiguió mediante el análisis de la información obtenida, comparando las situaciones de los distintos procesos operativos de TI en los periodos Pre y Post SOX. Se adoptó una metodología de investigación descriptiva y exploratoria. Junto con el levantamiento bibliográfico, se recogieron datos reales reportados por los profesionales que participaron en las actividades contempladas en el trabajo, mediante la aplicación de entrevistas no estructuradas. El relevamiento bibliográfico mostró que, aunque importante, hay pocos estudios que presenten el impacto y la adecuación de SOX a sus procesos operativos de TI. La mayoría de ellos están relacionados con la gestión de procesos, lo que revela la importancia de este trabajo. Los resultados mostraron la necesidad de implementar procesos de control SOX, como la creación de una tabla de control para monitorear el procesamiento, también mostraron que hubo un aumento en los tiempos de procesamiento de las rutinas por lotes y procesamiento de las aplicaciones en línea debido al aumento de la información generada y almacenado. Se concluyó que hubo impacto en los procesos operativos con su adaptación a los requerimientos SOX.

Biografía del autor/a

Renato José Sassi, Universidade Nove de Julho

Programa de Mestrado e Doutorado em Informática e Gestão do Conhecimento

Citas

Arrivabene, A., Sassi, R. J., & Romero, M. (2011). Corporate sustainability with security to investors: Analyses of Business Intelligence governance following the requirements of Sarbanes-Oxley Law. Proceedings of the 3rd International Conference On Communication Software And Networks (ICCSN), pp. 224- 228. DOI: 10.1109/ICCSN.2011.6013580.

Andrade, A., & Rossetti, J. P. (2004). Governança Corporativa: fundamentos, desenvolvimento e tendências. São Paulo: Atlas.

Agrawal, R., Johnson, C., Kiernan, J., & Leymann, F. (2006). Taming Compliance with Sarbanes-Oxley Internal Controls Using Database Technology. Proceedings of the 22nd International Conference On Data Engineering (ICDE '06), pp. 92. DOI: 10.1109/ICDE.2006.155.

Badele, C. S., & Fundeanu, D. (2014). Policy's Beneficiaries of Corporate Governance and Diversification Strategy. Procedia - Social and Behavioral Sciences, 124(20), pp. 468-477. DOI: 10.1016/j.sbspro.2014.02.509.

Bequai, A. (2003). Safeguards for IT Managers and Staff under the Sarbanes Oxley Act. Computers & Security, 22(2), pp. 124-127.

Borgerth, V. M. C. (2007). SOX: Entendendo a Lei Sarbanes-Oxley. (1. ed.) Rio de Janeiro: Thomson.

Broni, G., & Velentzas, J. (2012). Corporate Governance, Control and Individualism as a Definition of Business Success. The Idea of a “Post - Heroic” Leadership. Procedia Economics and Finance, 1, pp. 61-70. DOI: 10.1016/S2212-5671(12)00009-3.

Chan, S. (2004). Sarbanes Oxley: The IT Dimension. The Internal Auditor, 61(1), pp. 31- 33.

Crespí-Cladera, R., & Pascual-Fuster, B. (2014). Does the independence of independent directors matter? Journal of Corporate Finance, 28, pp. 116-134. http://dx.doi.org/10.1016/j.jcorpfin.2013.12.009.

Claessens, S., & Yurtoglu, B. B. (2013). Corporate governance in emerging markets: A survey. Emerging Markets Review, 15, pp. 1-33. http://dx.doi.org/10.1016/j.ememar.2012.03.002.

Defond, M. L., & Francis, J. R. (2005). Audit research after Sarbanes-Oxley. Auditing: A Journal of Practice & Theory, 24, pp. 5-30.

Gelatti, C. B., Meneghetti, D., & Silva, T. M. (2010). Análise da adequação das empresas brasileiras à Lei Sarbanes-Oxley. Revista Brasileira de Contabilidade, 186, pp. 69-84.

Gil, A. C. (2002). Como elaborar projetos de pesquisa. (1. ed.) São Paulo: Atlas.

Hinde, S. (2004). Crime and punishment: corporate governance. Computer Fraud & Security, 6, pp. 4-7. http://dx.doi.org/10.1016/S1361-3723(04)00074-0.

IBGC. (2020). Instituto Brasileiro de Governança Corporativa. O que é governança corporativa. Conhecimento. Recuperado. Disponível em: http://www.ibgc.org.br.

ISO/IEC JTC 1/SC 40 (2015). Information technology — Governance of IT for the organization. Technical Report #ISO/IEC 38500:2015.

Jain, S., Jain, P., & Rezaee, Z. (2010). Stock market reactions to regulatory investigations: Evidence from options backdating. Research in Accounting Regulation, 22(1), pp. 52-57. http://dx.doi.org/10.1016/j.racreg.2009.11.004.

Juiz C.; Palacios R. C. (2020). IEEE/ACM Extending Software Development Governance to meet IT Governance. Seoul, Republic of Korea, 2020.05.23. doi.org/10.1145/3387940.3392211.

Juiz, C. and Toomey, M. (2015). To Govern IT, or Not to Govern IT? Commun. ACM. 58, 2 (Jan. 2015), 58–64. doi:https://doi.org/10.1145/2656385.

Kaarst-Brown, M. L., & Kelly, S. (2005). IT Governance and Sarbanes Oxley: The Latest Sales Pitch or Real Challenges for the IT Function? Proceedings of the Ieee 38th Hawaii International Conference On System Sciences, pp. 236-246. DOI: 10.1109/HICSS.2005.361.

Karpoff, J. M. (2019). The future of financial fraud. Journal of Corporate Finance, in press. https://doi.org/10.1016/j.jcorpfin.2020.101694.

Kim, E. H., & Lu, Y. (2013). Corporate governance reforms around the world and cross-border acquisitions. Journal of Corporate Finance, 22, pp. 236-253. http://dx.doi.org/10.1016/j.jcorpfin.2013.05.005.

Labadessa, E.; Rosini, A. M.; Palmisano, A.; Conceição, M. M. Good hospital governance: planned adjustments for results in improving public care for patients. Research, Society and Development, [S. l.], v. 9, n. 2, p. e06921587, 2020. DOI: 10.33448/rsd-v9i2.1587. Disponível em: https://rsdjournal.org/index.php/rsd/article/view/1587. Acesso em: 25 dec. 2020.

Leveson N. (2011). Engineering a safer world: Systems thinking applied to safety. MITpress.

Li, W., Chen, C. C., & French, J. J. (2012). The relationship between liquidity, corporate governance, and firm valuation: Evidence from Russia. Emerging Markets Review, 13(4), pp. 465-477. http://dx.doi.org/10.1016/j.ememar.2012.07.004.

Lo, D. (2012). OHS Stewardship - Integration of OHS in Corporate Governance. Procedia Engineering, 45, pp. 174-179. http://dx.doi.org/10.1016/j.proeng.2012.08.139.

Lunardi, G. L., Becker, J. L., & Maçada, A. C. G. (2012). Um estudo empírico do impacto da governança de TI no desempenho organizacional. Produção, 22(3), pp. 612-624. http://dx.doi.org/10.1590/S0103-65132012005000003.

Luo, Y. (2005). How does globalization affect corporate governance and accountability? A perspective from MNEs. Journal of International Management, 11(1), pp. 19-41, http://dx.doi.org/10.1016/j.intman.2004.11.003.

Lynch A. H.; Veland S. (2018). Urgency in the Anthropocene. MITPress.

Menezes, A. M. (2018). A Influência da Lei Sarbanes-Oxley (SOX) nas Normas e Regras Nacionais da Governança Corporativa no Setor de Telecomunicações do Brasil. 2018. 128. Dissertação – Universidade Federal do Paraná, Curitiba, 2018.

Paré, G., Guillemette, M.G. and Raymond, L. (2019). IT centrality, IT management model, and contribution of the IT function to organizational performance: A study in Canadian hospitals. Information & Management. (Aug. 2019), 103198. DOI:https://doi.org/10.1016/j.im.2019.103198.

Parkinson, J., & Bloom S. (2003). Surviving Sarbanes Oxley. Optimize, 73, pp. 31-42.

Posthumusa, S., & Solms, R. Von. (2005). IT oversight: an important function of corporate governance. Computer Fraud & Security, 2005(6), pp. 11-17. http://dx.doi.org/10.1016/S1361-3723(05)70222-0.

Purcinelli, L. M.; Abreu, R.; Roux, A. M. (2019). Automation Through an ERP System of the Accounting and Internal Control Procedures According with SOX Law. Coimbra, Portugal: IEEE 2019 14th Iberian Conference on Information Systems and Technologies (CISTI), 2019.07.15, DOI: 10.23919/CISTI.2019.8760666.

Rezaee, Z. (2004). Corporate Governance Role in Financial Reporting. Research in Accounting Regulation, 17, pp. 107-149, http://dx.doi.org/10.1016/S1052-0457(04)17006-9.

Schmitt, A., Raisch, S., & Volberda, H. W. (2016). Strategic renewal: Past research, theoretical tensions and future challenges. International Journal of Management Reviews, 00, 1–18.

Soh D. S. B.; Martinov N. B. (2011). The internal audit function: Perceptions of internal audit roles, effectiveness and evaluation. Managerial Auditing Journal 26,7(2011),605–622.

Solms, B. Von. (2006). Information Security – The Fourth Wave. Computers & Security, 25(3), pp. 165-168. DOI: 10.1016/j.cose.2006.03.004.

Souza, L. O. de; Pedreiro, I. L. D.; Barbosa, A. L. M. A.; Castro, W. A. de. (2019). The influence of Corporate Governance on the profitability of Financial Institutions. Research, Society and Development, [S. l.], v. 8, n. 8, p. e09881179, 2019. DOI: 10.33448/rsd-v8i8.1179. Disponível em: https://rsdjournal.org/index.php/rsd/article/view/1179. Acesso em: 25 dec. 2020.

Swartz, N. (2003). The Cost of Sarbanes Oxley. Information Management Journal, 37, pp.8 - 26.

Sievinen, H. M., Ik¨aheimonen, T., & Pihkala, T. (2020). Strategic renewal in a later- generation family-owned company. Long Range Planning, 53(2), 1–19.

Tan, Z. (2014). The construction of calculative expertise: The integration of corporate governance into investment analyses by sell-side financial analysts. Accounting, Organizations and Society, 39(5), pp. 362-384, http://dx.doi.org/10.1016/j.aos.2014.05.003.

Tariq, Y. B., & Abbas, Z. (2013). Compliance and multidimensional firm performance: Evaluating the efficacy of rule-based code of corporate governance. Economic Modelling, 35, pp. 565-575, http://dx.doi.org/10.1016/j.econmod.2013.08.015.

Tham D. K.; Madni M. A. (2014). IEEE SOX compliance with OEE, enterprise modeling and temporal-ABC. Waikoloa, HI, USA, 2014.10.27. DOI: 10.1109/WAC.2014.6935737.

Todeva, E. (2005). Governance, control and coordination in network context: the cases of Japanese Keiretsu and Sogo Shosha. Journal of International Management, 11(1), pp. 87-109. http://dx.doi.org/10.1016/j.intman.2004.11.008.

Turel, O., Liu, P. and Bart, C. (2019). Board-Level IT Governance. IT Professional. 21, 2 (Mar. 2019), 58–65. DOI:https://doi.org/10.1109/MITP.2019.2892937.

Weill, P., & Ross, J. W. (2004). IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Harward Business School Press.

Windsor, D. (2009). Tightening corporate governance. Journal of International Management, 15(3), pp. 306-316. http://dx.doi.org/10.1016/j.intman.2009.02.003.

Wintoki, M. B. (2007). Corporate boards and regulation: The effect of the Sarbanes–Oxley Act and the exchange listing requirements on firm value. Journal of Corporate Finance, 139(2-3), pp. 229-250. http://dx.doi.org/10.1016/j.jcorpfin.2007.03.001.

Zalewska, A. (2014). Challenges of corporate governance: Twenty years after Cadbury, ten years after Sarbanes–Oxley. Journal of Empirical Finance, 27, pp. 1-9, http://dx.doi.org/10.1016/j.jempfin.2013.12.004.

Publicado

03/01/2021

Cómo citar

ARRIVABENE, A. .; SASSI, R. J.; ANDRELO, P. F. A. .; MOURA, M. L. A. de O. . Análisis del impacto de la adecuación de los procesos de tecnología de la información operativa a los requisitos de la ley Sarbanes-Oxley en una empresa financiera. Research, Society and Development, [S. l.], v. 10, n. 1, p. e7710111374, 2021. DOI: 10.33448/rsd-v10i1.11374. Disponível em: https://rsdjournal.org/index.php/rsd/article/view/11374. Acesso em: 25 dic. 2024.

Número

Sección

Ciencias Exactas y de la Tierra