Term Paper on "Policy Formulation in a World of Digital Information"

Term Paper 12 pages (5010 words) Sources: 1+

[EXCERPT] . . . .

Policy Formulation in a world of digital information

Some view involvement in information policy, particularly in the government or public sector, as a means of asserting control over information. Describe the subtle, but important differences between "control of information" and its "management" or "organization."

The dichotomy that exists in the control of information on the one hand and the pervasive availability of it on the other is at the center of the debate between the "control of information" on the one hand and its "management" or "organization" on the other. Nowhere is this dichotomy more visible than in the area of compliance, specifically the tensions that are mounting between the government's many initiatives at compliance being more focused on the control of information vs. being prescriptive about its management. Globally, compliance initiatives are being used by governments to gain greater control over information and nowhere are this more prevalent than in the dynamics occurring around the Sarbanes-Oxley Act (2002). Many research and advisory firms are tracking the issues, trends, and implications of Sarbanes-Oxley on publicly-held corporations in the U.S., and AMR Research (2005) has quantified spending on Sarbanes-Oxley for 2006 at $6B, comprised of Internal labor within companies as 39% of the total or $2.3B, followed by technology comprising 32% or $1.9B in technologies including software applications and systems, with external consulting being 29% or $1.8B in external consulting. Indian outsourcing companies are reporting consistently strong financial results as a result of Sarbanes-Oxley legislation, according to in-country reporting from The Economist

Continue scrolling to

download full paper ⤓

(2006).

Fundamentals of Sarbanes-Oxley

When the legislators created the Sarbanes-Oxley Act they were deliberately non-prescriptive in their approach to defining the specifics of the Act itself, focusing instead on defining compliance for disclosing financial results and financial performance over time. Sarbanes-Oxley has been successful in enabling higher levels of accountability throughout publicly-held companies mainly as a result of re-defining core processes as they relate to financial reporting and disclosure of events, both positive and negative that impacts a company's financial performance. The Economist (2006) also states that Indian outsourcers are the greatest beneficiaries from Sarbanes-Oxley spending as U.S.-based companies are often choosing to re-define business processes that are critical to their companies in addition to attaining Sarbanes-Oxley compliance through outsourcing. Another research and advisory firm, (Gartner 2005) defines the strategy of compliance around Sarbanes-Oxley as arduous, including first a company's interpretation of what the business regulations to their specific circumstances, understanding where the organization currently stands relative to compliance efforts, documenting a plan for achieve compliance, executing it, and devising measures and controls.

Inherent in Sarbanes-Oxley compliance efforts is the synchronizing of the many databases and data marts that contain financial data. The growth of Enterprise Content Management (ECM) has been in direct response to the need for greater coordination of financial data and the re-defining of processes to make Sarbanes-Oxley compliance easier accomplished including successful completion of audits by Sarbanes-Oxley auditors.

Columbus and Murphy (2002) defined through their series of research initiatives on the adoption of enterprise content management (ECM) as a unifying strategy across all content stores had a 5% penetration rate into many organizations. The more balkanized and fragmented content sources are in an organization the greater the need for peer-to-peer storage architectures. Columbus and Murphy found that business strategies are driving the need for peer-to-peer integration points across homegrown, legacy, third party, best-of-breed, and ERP systems' databases.

Analyzing How Sarbanes-Oxley Is Redefining Processes and IT Spending

By this point, all publicly held companies are well down the path to SOX compliance, as a direct result of the original Section 404 compliance deadlines being very tight. The SEC has since pushed out the deadlines for small company 404 compliance to July 15, 2006. Despite this legislation focusing on the disclosure of significant events by C-level executives, the majority of the work falls on database administrators and the IT staffs.

Four sections of Sarbanes-Oxley affect IT organizations:

Section 302: Corporate Responsibility for Financial Reports. Requires that firms audit, verify, and take corrective action to make sure that their financial data has a high level of accuracy and transactions are ACID-compliant.

Section 404: Management Assessment of Internal Controls. By far the most well-known of the sections in the SOX Act, section 404 calls for support for internal controls that are auditable by a third party. This section gets the most focus because it's pushed most often by accounting firms that sell auditing services. What's most interesting about Section 404 is the fact that liability for reporting accuracy also carries forward to outsourcers who are contracted to complete this work.

Section 409: Real-Time Issuer Disclosures. This section defines how quickly a company has to report a material event to the public on a rapid and current basis. Many analyst firms say that the rule is 72 hours or less, and define a material event as any task that has a lasting financial impact on a firm. There's considerable debate about just what is and isn't a material event today -- and the fact that synchronization between databases is at the heart of reporting material events throughout a company.

Section 802: Criminal Penalties for Altering Documents. Focusing on the requirement of retaining records and defining policies for archiving data, this section has the hardest impact on IT, and what's most interesting about this specific area of the Act is that it's not prescriptive, just instructive. This is a major difference for any IT team working on SOX compliance -- the Act itself doesn't tell you how to do this, but what level needs to be done.

Sarbanes-Oxley Audits Are the Big News for 2006

Database administrators in companies who are working to achieve Sarbanes-Oxley compliance are responsible for making their systems, processes, and reports ready for auditors to approve. These SOX Audits are what the Securities and Exchange Commission looks at in addition to a company's own auditors review to ensure all financial statements and the processes used to produce them are consistent and clear in their results. Often SOX Auditors are finding that the underlying processes, not the reports or financial analysis, are what need fine-tuning.

The lessons learned from going through a SOX audit, pointing out key reasons why companies fail their security and compliance audits, are described below:

There tends to be an inconsistency in approaches for all audits. Some auditors start and stay on documentation, while others drill into logging security and frequency. The bottom line is that documenting processes -- just like ISO 9000 efforts from the past -- are what make or break a good audit. Even when a company gets audited several times, there is no standardized checklist every auditor goes down to ensure compliance.

Auditors are expecting documentation of authentication levels, usernames, and passwords. One Database Administrator found that a schematic to show the interrelationships of applications was very helpful and further built out the authentication schemes used to validate in-firewall, VPN, and extranet logins.

A common point of failure: Inefficient or unused security management on financial systems of record, including lack of support for single sign-on. Further, companies in this category often had their financial systems hacked more than once in a security audit.

Measuring progress toward compliance with your own scorecard is critical. With the typical SOX project costing $4M, it's in your company's best interest to create database performance scorecards to measure compliance progress every quarter before starting en mass reengineering of processes.

Line

The need for archiving and creating auditable workflows has already been causing changes in the best run IT organizations. SOX compliance requirements are forcing system upgrades in many cases for greater overall system performance. What is most vexing about all this compliance legislation is its interpretative nature and the confusion over just what constitutes a compliant strategy. The bottom line is that compliance is a corporate-wide strategy.

References

AMR Research (2005)- SOX Spending for 2006 to Exceed $6B. John Hagerty and Fenella Sirkisoon. Tuesday November 29, 2005. Accessed from the Internet on July 1, 2006:

http://www.amrresearch.com/Content/View.asp?pmillid=18967

Columbus and Murphy (2002) - Re-orienting Your Content and Knowledge Management Strategies. AMR Research. Boston, MA. Report and research findings published October 2002. Retrieved April 26, 2005:

http://www.lwcresearch.com/filesfordownloads/ReorientingYourContentandKnowledgeMgmtStrategy.pdf

Economist (2006) - Virtual champions. Economist Magazine. June 1, 2006. Retrieved from the Internet on July 2, 2006: http://www.economist.com/surveys/PrinterFriendly.cfm?story_id=6969722

Gartner (2005)

Compliance Has Many Faces. Bace, Leskela, Rozwell. Industry Research Brief G00125885. Gartner Group. January 31, 2005.

Hagerty (2006) - Lowering SOX Costs through Scope Reduction. Alert by John Hagerty.

AMR Research. Boston, MA. Thursday May 18, 2006. Accessed from the Internet on July 2, 2006:

http://www.amrresearch.com/Content/View.asp?pmillid=19469

Sarbanes-Oxley Act (2002) - U.S. Senators Sarbanes and Oxley. Passed in 2002 by both U.S. House of Representatives and U.S. Senate. Text viewed on the Internet on April 24, 2006:

http://www.aicpa.org/info/sarbanes_oxley_summary.htm

Task 2

What were some projections (promises) of digital democracy that would be enabled by ubiquitous computing and networking? How many of these identified promises has been realized? What promise of digital age democracy has clearly failed? Were these disappointments due to over… READ MORE

Download Full Paper

Write a New Paper for Me

Quoted Instructions for "Policy Formulation in a World of Digital Information" Assignment:

“

Task 1 (required)---6 pages

As information technology has become an increasingly critical component of the information economy, IT has been the subject of a flurry of statutory and regulatory control. The policies that have emerged as a result of increased legal scrutiny have the been the subject of extensive discussions and writings. What information policy experts have yet to explore, in-depth, are how these laws, regulations, and policies are formulated. Law and regulation, in general, are the result of political dynamics that shape the outcome of policy. Such is clearly the case in the development of information policy. Industry stakeholders, regulators, and legislators are the most obvious participants. There are many others, however. Some of the most obvious participants are associations or think tanks.

During the course of the class you will be assigned an association or think tank. You should write a brief research paper (not more than 5-7 pages) that identifies and explains the think tank or association. Your paper should be descriptive and analytical. The paper should be sure to include the following elements: background of the organization; identification of major players and stakeholders; outline the highest priority issues of the organization; identify funding sources, board members, advisors, and major researchers; discuss any political leanings that you can discern, etc.

Complete ONLY 3 of the following 4 tasks.--each task 2 pages

Task 2

Some view involvement in information policy, particularly in the government or public sector, as a means of asserting control over information. Describe the subtle, but important differences between "control of information" and its "management” or “organization."

Task 3

What were some projections (promises) of digital democracy that would be enabled by ubiquitous computing and networking? How many of these identified promises have been realized? What promise of digital age democracy have clearly failed? Were these disappointments due to over-hyping of the technology or is it still too early in the new digital age to give a clear assessment?

Task 4

How does culture shape the nature of information policy and the policy process? Be sure to cite examples to illustrate your points.

Task 5

Is the Digital Divide a serious concern in the U.S.? How much can such concerns be attributed to partisan politics and differing economic philosophies? What role should the U.S. government play in bridging the so-called “digital divide”? In contrast, how serious is the “digital divide,” internationally? Give examples.

*****

How to Reference "Policy Formulation in a World of Digital Information" Term Paper in a Bibliography

“Policy Formulation in a World of Digital Information.” A1-TermPaper.com, 2006, https://www.a1-termpaper.com/topics/essay/policy-formulation-world/160285. Accessed 3 Jul 2024.

Policy Formulation in a World of Digital Information (2006). Retrieved from https://www.a1-termpaper.com/topics/essay/policy-formulation-world/160285

A1-TermPaper.com. (2006). Policy Formulation in a World of Digital Information. [online] Available at: https://www.a1-termpaper.com/topics/essay/policy-formulation-world/160285 [Accessed 3 Jul, 2024].

”Policy Formulation in a World of Digital Information” 2006. A1-TermPaper.com. https://www.a1-termpaper.com/topics/essay/policy-formulation-world/160285.

”Policy Formulation in a World of Digital Information” A1-TermPaper.com, Last modified 2024. https://www.a1-termpaper.com/topics/essay/policy-formulation-world/160285.

[1] ”Policy Formulation in a World of Digital Information”, A1-TermPaper.com, 2006. [Online]. Available: https://www.a1-termpaper.com/topics/essay/policy-formulation-world/160285. [Accessed: 3-Jul-2024].

1. Policy Formulation in a World of Digital Information [Internet]. A1-TermPaper.com. 2006 [cited 3 July 2024]. Available from: https://www.a1-termpaper.com/topics/essay/policy-formulation-world/160285

1. Policy Formulation in a World of Digital Information. A1-TermPaper.com. https://www.a1-termpaper.com/topics/essay/policy-formulation-world/160285. Published 2006. Accessed July 3, 2024.

Related Term Papers: