Friday, January 31, 2020
The Effect Music Has on the Brain Essay Example for Free
Music has been around for centuries and centuries. We have heard that different types of music can be helpful and harmful. There are so many genres of music out there, and the number continues to grow. This research will look at studies done on music and how it affects and influences us and human behavior.

The Effect Music Has on the Brain

There have been many studies done on music and how or if it affects your brain, whether positively or negatively. There is no direct answer to this, but we will take a look at why that is and the variety of reasons. Years ago, when I became pregnant, I tried something that is fairly common amongst new moms that I had heard about. I put on classical music and placed earphones on my belly. Like most moms, I did not research the benefits or whether what the rumors said was true. The idea behind this method was "If you play music while you're pregnant so the baby can hear it, your baby will be smart". Janet DiPietro, a psychologist for the University of California at Irvine, says "There are no studies done on the effects of stimulation before birth on intelligence, creativity, or later development". However, a study has been done on older children who have had music lessons. Scientists at the Chinese University in Hong Kong, whose research was published in the journal Nature in 1998, say kids who have at least six years of music lessons before the age of 12 learn more words than those who go without (Robledo).

The Psychology of Music

"Studies indicate that music can have profound physical and psychological effects not only on people but also on animals and plants" (Copley, 2008 sec. 1). In 1997 a high school student by the name of David Merrill conducted a study for his school science project using mice, a maze, and music. There were two types of music used for this study, the first being classical music, the second being hard rock.
David wanted to see how music would affect the ability to learn new things. David let each mouse run through the maze and timed them using a stopwatch to record their initial running times. On average the mice needed a good 10 minutes to find their way through the maze. He separated the mice into groups; the first group of mice was exposed to music of Mozart for ten hours every day for three weeks. The second group of mice listened to the heavy metal music from the group Anthrax for ten minutes as well. The volume was set at seventy decibels, which is about the same level as a vacuum cleaner or a television set from one meter away. The last group of 24 mice served as a control group and was not exposed to any music. What happened was extremely shocking. At the end of each week, David let all the mice run through the maze three times in a row while timing them. Group 3, the non-musical mice, only needed half the time. They completed the maze in five minutes. The Mozart mice completed the maze in one and a half minutes!! The Hard Rock mice stumbled around as if they were drunk, bumping into walls, and took a whopping THIRTY minutes to complete the maze. What is even more interesting is that this experiment had to be done twice, because the Hard Rock mice in the first experiment showed aggressive behavior and ended up killing each other off.

A similar study has been conducted using plants as well. A scientist by the name of Dorothy Retallack conducted a study on plants and the effects different genres of music have on them. She used a group of petunias and separated them into two groups. The first group had a speaker on one side playing classical music for 3 hours of the day; the second group played rock for 3 hours of the day. She found that the petunias that listened to rock music refused to flourish and the petunias that listened to classical music developed beautifully. But that's not all.
In the second week of the experiment the petunias exposed to classical music leaned towards the speaker where the classical music was playing, and the Rocker Petunias did the exact opposite. They actually leaned away from the music and grew unevenly. Within the month the rocker petunias died. We've read about the effects that different music can have on animals and plants... but what about the smartest creatures on the planet? I'm referring to you and me, humans.

Music Lyrics Influence on Human Behavior

When I was younger I would hear the older generation talk about "our music" today and how it has changed. They frowned upon the lyrics and the fast-rapping, saggy-pant-wearing rappers. As a follower of hip hop I felt they just didn't understand. It's not about the lyrics or what they're saying, I defended; I just like the beat to dance to. But for some reason when I listened to R&B like Jodeci, Aaliyah, R. Kelly, etc., I knew it word for word and wanted to find what they were singing about, "Your love is one in a million" (Aaliyah, 1996). Personally, when I'm having a horrible day I would put on music to make me feel better, something uplifting like gospel or R&B. But when I go out to have a good time and I know I'm about to dance, I put on something a little more fast paced and up tempo, such as hip hop and rap, to get me ready for a night out on the town.

The Association for Psychological Science (APS) says that intelligence boys between the ages of 6-15 who took music lessons scored higher on tests of verbal memory than a control group of students without musical training. Music is also used as a therapy, particularly with children who are diagnosed with autism. These children have a hard time interacting with peers and teachers and become annoyed very easily in noisy and changeable environments.
Studies show that children with autism respond very well to music therapy; it helps keep them calm when under duress and helps these individuals socialize effectively. Music therapy uses musical interaction to help individuals with their cognitive and emotional challenges to improve their ability to function. By interacting with adults and children on the autism spectrum, musical therapists can build skills, lower anxiety, and even develop new communication skills (Rudy, 2012).

I grew up in hip hop and rap and can sing every word to any rap song that comes out on the radio, lyric by lyric. But has it had an effect on me? I have been guilty of referring to myself as a "bad Bitch", which is defined as a hip hop term referring to "a self-respected, strong female who has everything together. That consists of body, mind, finances, and swagger. Also, a female who does gets hers by any means necessary". And this is something I picked up from the hip hop generation in 2012. But if I picked this up as an adult, what are younger, more influential children picking up from this type of music that they may hear their older siblings or parents listening to? As a young female hearing the words, you may not understand them at the time, but once you have a song stuck in your head repetitively you begin to break down some of the phrases. I listen to Lil Wayne, who has some of the catchiest beats and punch lines in hip hop. But I don't hear the clever analogies until the third or fourth time I hear the song.

Violent Music Lyrics

"We're not against Rap, We're not against rappers, but we are against those thugs" (lyrics to Bone Thugs-n-Harmony's 1994 hit single Thuggish Ruggish Bone). The American Psychological Association reports "Violent music lyrics increase aggressive thoughts and feelings". Aggressive thoughts can influence perceptions of ongoing social interactions, coloring them with an aggressive tint.
Such aggression-biased interpretations can, in turn, instigate a more aggressive response - verbal or physical - than would have been emitted in a nonbiased state, thus provoking an aggressive escalatory spiral of antisocial exchanges. (Anderson, 2003, sec. 5)

New, hugely popular 17-year-old rapper Chief Keef from Chicago, Illinois raps about guns, killing, gangs and violence. He has a criminal record, is currently on probation for a gun charge and has a huge following in his hometown. The violence rate in Chicago also happens to be the highest it's ever been. In the first 127 days of 2012, 169 people were murdered in Chicago. "In Chicago, more than 530 people under the age of 21 have been killed since 2008 and many more have been shot or have otherwise suffered violence - often at the hands of their peers and particularly in the city's African-American and Latino communities. Nearly 80 percent of youth homicides occurred in 22 black or Latino communities on the city's South, Southwest and West sides - even though just one-third of the city's population resided in those communities. The rate of youth homicide in West Englewood on the city's South Side, for instance, was nearly five times higher than the citywide mark" (The Chicago Tribune reports). You cannot look at these facts and simply think it is a coincidence; if you do so I believe you may be deeply in denial. What I call the 90's and Millennium babies aren't like the 80's babies of my generation, where we could listen to music as feel-good music. In this later youth society I feel they cannot differentiate entertainment and real life. They want to live out what they hear and see on music videos and hear on the radio. In Chicago that life is shooting and killing your enemies, keeping it real with a non-remorseful attitude, and welcoming street life. The audience of the music from Chief Keef ranges from as young as 14 - 21 years of age.
The question of "where are their parents" always comes up in situations like this, and rightfully so. But that is a whole different article.

In conclusion, music can be helpful, therapeutic, sensual and downright good for the soul. But there has been and always will be music that reflects what we perceive as violent and/or negative. Music is just like food: what we put into our bodies is what we get out of it. If all you put into your body is poison, you then become poisoned. Vice versa, if you nurture and take care of your body with positive nutrients, you flourish like the flowers on classical music. You can drink here and there, but when you become an alcoholic the damage can be fatal. Mix up your selection; it's OK to get a little loose with the beat and the rhythm, but when you become what you hear. You are what you eat. Music can have an effect on your brain. Whether positive or negative depends on your choice of music, your mental state, and how you perceive the world and the things in it.
Thursday, January 23, 2020
Tibetan Thanka Paintings :: Buddhism Religion Art Creative Papers
Tibet, with its isolated, harsh geographical location and history of political and social remoteness, would seem an unlikely place to provide a "cradle for creative art" (Bailey 22). Yet it is in this desolate section of the world that one of the most intriguing artistic cultures has been cultivating over hundreds of centuries. One facet of what makes Tibetan art so unique and interesting is its interdependency on its religious beliefs.

In Tibet one might use the words "religion" and "culture" almost as synonyms, especially for the arts - literature, drama, painting, and sculpture. Not only were they inspired by religion, but religion was their very raison d'être (Pal 18).

Tibetan thanka paintings are a wonderful example of the interconnectedness of religion and art. These images are "not meant to be the object of simple idolatry" (Jackson 11), but rather take on a more interactive role, which can be applied to nearly every facet of traditional Tibetan life. Tibetan Buddhism pervades all aspects of the creation and use of thanka paintings - in the training and requirements of the artists who create the paintings, in the physical creative process itself, in the iconography used, and in all the painting's multiple functions. Tibetan thanka paintings, throughout their entire lifespan - from concept to consecrated image - help devotional religious activity for Tibetan Buddhism.

Thanka Artists

Types of Artists

Tibetan thanka artists, of which there were two types, monks and professionals, work within the confines of religious tradition. Trained professionals made up the majority of thanka artists, all of whom studied for years under strict instruction. Lamas were also involved in the creation of many paintings, mainly in a supervisory capacity (Pal 25). The chief centers of Tibetan art were the monasteries that often supplied artists with work (Pal 24).
Usually, professional artists either had their own studios or were attached to individual monasteries for the duration of specific jobs. Being an artist was not automatically hereditary and any talented adolescent boy could join a studio as an apprentice. The training period each child underwent was usually extensive and demanding:

The apprentice was expected to study drawing for about sixteen months, simple coloring for ten months, and mixed coloring for at least a year. Only then was he allowed to paint under his teacher's strict vigilance. This he did for many years before he was qualified to set up his own workshop (Pal 25).
Wednesday, January 15, 2020
Physical abuse and mental abuse
Physical abuse and mental abuse exist in a lot of relationships today. Many relationships fall apart due to the level of abuse that is present in the relationship. Abuse has many forms. Abuse can be physical, mental, and emotional as well. Abuse can scar a person for life and is very dangerous. It is important to identify abuse in its early stages and to combat its effect and leave the relationship immediately or seek counseling immediately to resolve the issue. Physical abuse is a very dangerous thing. Physical abuse in a relationship should not be tolerated. If physical abuse is tolerated in a relationship it can lead to severe injuries or sometimes even death.

Growing up as a child I was a part of physical, mental, and emotional abuse. The first time I saw my father hit my mother was when I was about 9 years old. We were living in New Haven, Connecticut. It was about 8 in the morning. My dad had punched my mom in the mouth. It really had its effects on me mentally and emotionally. Seeing my mother being abused affected me mentally and emotionally by not being able to do anything about it and feeling helpless. I was in constant panic when he would raise his voice, not knowing if he was going to be violent or attack my mother or my brothers and sisters. Seeing what happened as a child and what I was exposed to hindered me. The effects it put on me cause a lot of problems for me today as well. It affects the way I interact with people in personal relationships and social relationships.

Conflict and abuse affect a lot of people today in many ways and can cause people to become antisocial and withdrawn. Conflict and abuse have become a very familiar thing. There are a lot of movies that demonstrate conflict and abuse and the many effects that they have on the people that are suffering from them. I learned a lot of great things from the reading. I learned that abuse has many different forms and is practiced or experienced in many relationships all over the world.
I thought the reading was very interesting and agree with its content. I will apply what I learned by helping bring awareness of the effect that abuse has on relationships to people close to me, and I will also continue to be aware myself. I will also try to avoid conflict even more in my relationships. I could use this information to help others by giving them the information that was given to me, and I believe that they will relate to a lot of things that they will read and that it will help them to see that they are not alone. Conflict and abuse are very dangerous and should be avoided by any means. If they are not avoided, they can lead to many harmful effects.
Monday, January 6, 2020
Sarbanes-Oxley Act - Free Essay Example
Implementing Sarbanes-Oxley within an Environment: Understanding the controls used to implement Sarbanes-Oxley within an environment

Recent high-profile corporate scandals (Enron, WorldCom, Tyco, Arthur Andersen, etc.) have shattered the trust of shareholders, legislators and authorities in major publicly traded companies and have raised concerns for the state of corporate governance, not only in the United States, but also in other countries of the world. The United Kingdom is not immune to the wave of business fraud, corporate scandals, legislation changes and corporate environment restrictions. With the filing of bankruptcies, the US government had taken immediate action to prevent fraud in the future by enacting the Sarbanes-Oxley Act of 2002 (SOX), administered by the Securities and Exchange Commission (SEC). Similar restrictions and legislation have also been adopted in the UK, in an attempt to curb fraudulent acts from proliferating to the other side of the Atlantic through multinational public companies trading in the UK.

SOX is legislation designed to eliminate financial fraud and misstatements by greedy executives, unethical corporate practices and non-transparent business transactions. While SOX has redefined the roles, responsibilities and expectations of the board of directors and of internal and external auditors, it has also reformed the practices within organizations. At the heart of the enactment of SOX is the implementation of control to oversee senior management, to secure accurate financial reporting information. Two major requirements of SOX are disclosure of material events and contingent liabilities (Rasch 2005).
For this purpose, the role of information technology security has become enhanced, as it is expected to ensure transparency in decision-making, and reliability and integrity in the system of disclosure. Yet IT experts are of the view that IT has a vague role in making SOX effective. IT security in the SOX context is limited to enhancing reliability and integrity in reporting, and it does not contribute towards prevention of fraud or unethical corporate behaviours. It cannot prevent senior management from engaging in financial misstatements; neither can it curb executives from over-arching organizational controls and processes. The questions that arise then are: "What is the role of IT under SOX? What are the scope, narrative and control matrix for IT professionals within a SOX environment? Are the frameworks for SOX implementation effective in achieving SOX objectives?" Before the researcher attempts to answer these questions, a brief background to the emergence of SOX, and why it is needed, must be explored.

The turn of the century saw a series of corporate scandals at companies such as Enron, WorldCom and Tyco. Their executives had been involved in unethical corporate practices that affected shareholders and stakeholders alike. Enron and WorldCom filed for bankruptcy (and were followed by others) as a result of fraudulent accounting practices and executives' greed. Not long before the issues surrounding Enron and WorldCom were resolved, Arthur Andersen, the auditing firm, was charged with malpractice, especially in non-disclosure of fraudulent financial transactions and reportage. At the time, not only had the morals of corporate executives come under scrutiny, but the gatekeepers of the same companies, namely the auditors, had also been questioned on their ethical conduct. The environment of corporate America had become scandalized.
The public had become concerned and demanded immediate reforms for curbing more firms from engaging in similar practices. The demand for vigilant corporate governance, in the form of policies as well as law, increased. The collusion of financial reporting fraud and audit fraud had led to the need for provisions that would keep tight control over accounting and auditing activities, and to mandate compliance procedures that require executive certification, independent audit, and provisions for binding organizations to securities regulations (Romano 2005). The onset of the election, as well as the anxious public, pressured Congress to pass legislation to indict companies for fraud and to restate the status of the American economy. The result had been the enactment of the Sarbanes-Oxley Act of 2002.

The Act, according to Rasch (2005), imposes significant accounting and control requirements on U.S. publicly owned companies (and probably on foreign companies which are either traded on U.S. exchanges or which make up a significant part of a U.S. company's financial reporting). SOX addresses the Enron scandal by establishing controls that require paper trails of audit activities; it mandates auditor independence; it enhances corporate responsibility; it requires executive accountability; and, more importantly, it establishes control systems by setting a series of compliance policies (Rasch 2005).

Control refers to processes, in a business or IT environment, whereby internal controls over financial information generation, access, collection, storage, processing, transmission and usage are governed by a set of guidance. To formalize this, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) provides guidelines for financial reporting processes and financial information recording, storage and access.
Similarly, as guidelines relevant to IT auditors, COBIT (Control Objectives for Information and Related Technologies) had been formed to provide an open standard established by the IT Governance Institute (ITGI) and the Information Systems Audit and Control Association. In the UK, this type of internal control has been taken up by the IT Infrastructure Library (ITIL), published by the Office of Government Commerce (Rasch 2005). The basic premise for adopting the SOX standard (in the UK or otherwise) for internal controls over IT infrastructure is to ensure no repetition of the American dilemma, should it occur among UK corporations.

After the American scandals, the government and securities commission realized there is a great need for internal controls to emphasize disclosure, both in terms of material events and contingent liabilities, to prevent bottom-line impact. Moreover, SOX is primarily enacted for the purpose of setting standards for accurate financial reporting information. Since, in modern organizations, there is a great reliance on information technology to transfer, store, access and process information, this means IT and its systems have to be reliable and dependable, in order to gear for transparent transaction, certification and compliance. However, before one can fully establish IT as responsible for effective SOX compliance, one needs to understand that accurate financial reporting entails processes and elements that do not necessarily have a direct link to financial reportage. For example, decisions of the board of directors, top company officials, internal and external auditors, securities exchange authorities and so on (Tighter Sarbanes-Oxley Called For 2007) may not necessarily link with IT. Similarly, processes of risk assessment, control activities, monitoring, information and communications form the basis for accurate financial reportage. IT facilitates these activities, but may not be contingent for its accuracy.
For these reasons, SOX has established sets of compliance requirements and controls for companies to follow (Caterpillar and Internal Controls 2007). Although the details of these requirements do not identify IT as responsible for controlling fraud per se, they do enhance the role of IT departments and professionals within companies as gatekeepers. For example, Section 404 requires checking of internal controls, which means the implementation of the COSO Framework is necessary. In Chan's (2004) work, the author outlines that the Public Company Accounting Oversight Board (PCAOB), which sets auditing standards under SOX, refers to IT as affecting a company's internal control over financial reporting. She writes:

Because systems process and system-generated entries are an integral part of financial reporting, general IT and application controls should be documented and evaluated based on a disclosure and management assessment framework that is compatible with business-process mapping, to enhance consistency and quality. By the same token, the IT environment must be reviewed, along with the overall control environment, for the organization. Simply put, IT governance is an essential component and contributor to financial governance. (Chan 2004).

In this context, IT becomes the processing environment that holds many key controls critical for SOX compliance. However, before one can qualify an organization as SOX compliant, its IT control activities need to meet specific criteria. Chan (2004), for example, points to the following assessment criteria:

a. IT dependent business environment
b. IT processes significant to business activities
c. deficiency in IT solutions
d. high risk due to computer operations
e. organization processes, especially financial reports, dependent on computer processing
f. business based on enterprise-wide systems
g. financial application systems used for transactions, interaction and recording of accounts
h. dependence on IT processes for enterprise business end-to-end processes
i. IT processes managed by third party outsource

Apart from the above, the ITGI considers management of IT risks critical for IT governance and compliance. Risk, according to its report, exposes organizations to IT failures. IT related risks impact the business by exposing it to operational crash, security breach or failed project. Technical complexity, dependence on service providers, and limitation of reliable risk-monitoring information systems result in improper governance and risks. Implementation of frameworks such as COSO develops readily usable enterprise risk management programmes. Moreover, they provide guidance and direction for overcoming risks, and implement corporate governance, new legislation, regulations and standards (ITGI 2005).

Chan (2004) further notes that SOX compliance means reporting rises from the transaction level all the way to its final destination in the financial statements. Processes involved in dissemination of information related to it depend on the manual and automated controls of the IT framework. For this reason, IT control weaknesses often result in poor compliance and accountability. IT controls, therefore, must be business-driven. More importantly, they must follow a standardized framework that separates common information from sensitive information, to minimize risks as well as promote harmonization of IT, internal auditing, finance and business units. SOX does not require organizations to simply implement standard controls, but rather encourages organizations to assess and evaluate internal controls to devise efficient and least intrusive control information documentation, policies and methodologies (Chan 2004).

Having said that, experts (Kendall 2007; Carter 2007; Roth 2007) are of the view that SOX compliance is still at a rudimentary stage, as organizations in America and in other parts of the world are still grasping its compliance mandates.
Kendall (2007), for example, cites organizations as still uncertain of an effective system of control over financial reporting. Provisions within SOX do not provide guidance for successful implementation of controls based on SOX mandates. As a result, companies are relying on their internal controls assessments and testing to achieve control objectives relevant to SOX requirements, such as examining risks, creating an IT risk inventory, reducing controls, consolidating controls, standardizing processes, monitoring changes and streamlining processes. Carter (2007) notes that CSA (control self-assessment) techniques are useful in identifying opportunities for improvement. The technique involves bringing together individuals from different business units of the organization to gather information on company processes. The session encourages evaluation and redesigning of processes to provide accurate and timely documentation, financial and otherwise. Roth (2007) notes that the ERM (enterprise risk management) technique implies that SOX compliance does not necessarily result in prevention of fraud in the IT context. In fact, other frameworks are more effective in identifying, monitoring and assessing risks associated with IT systems and processes.

As mentioned earlier, SOX does not really specify any framework for implementing internal controls. It merely mentions Internal Control and Integrated Framework. Internal control is just as ambiguous, as it means different things to different people. It is likely that miscommunication may occur as a result of different expectations and perceptions of internal control for SOX compliance. For example, internal control, according to COSO, can be defined as "a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives" (COSO 2004).
However, for different organizations, the composition of these elements and processes may differ. Furthermore, according to Damianides (2005), SOX legislation has created a great need for business to have IT internal control in place, to ensure data reliability and maintenance of ethical activities. It requires processes to be aligned with the Act's Sections 302 and 404. Section 302 entrusts the responsibility of financial statements certification and disclosures to CEOs (chief executive officers) and CFOs (chief financial officers), while Section 404 requires internal controls of financial reportage without actually outlining guidance or procedures for implementing them. Indeed, it has been the ITGI that has come up with the COSO international control framework for financial reporting. The COSO framework is based on the following objectives:

* Effectiveness and efficiency of operations
* Reliability of financial reporting
* Compliance with applicable laws and regulations

Thus, internal control is a process, affected by people and expected to provide reasonable assurance and achievement of objectives of one or more overlapping categories (Damianides 2005). The COSO framework follows the Public Company Accounting Oversight Board (PCAOB) and addresses issues related to:

* Segregating accounting duties.
* Developing effective boards and audit committees.
* Managing with wider spans of control.
* Implementing sound information technology controls.
* Documenting the design and operation of controls.

(Rittenberg, Martens and Landes 2007).

The COSO framework outlines principles and components for effective risk management processes as well, which is why it is often confused with ERM (enterprise risk management). The implementation process of COSO involves identification, assessment, response and controls set up and aligned with its strategic plans.
The framework emphasizes enterprise risk management responsibilities and activities that would result in achieving organizational objectives. To ensure that management processes are in place and function according to SOX compliance, an integrated framework can be set up based on COSO guidance. It encourages identification of risk, assessment of the company's strategies, and ways to invest in setting up an internal control framework, such as investing in effective ERM, establishing effective technology controls and relating them to financial reporting. COSO implementation differs from other internal control frameworks, as it is broader and incorporates concepts from various risk management strategies, set-ups and techniques. It requires external and internal control for financial reportage for SOX Section 404 compliance. As a result, not only the board of directors, but management executives, along with the CFO and CIO, become part of the disciplines and procedures for establishing an internal control framework (COSO 2004). On the other hand, non-compliance with COSO implementation may result adversely in a non-systematic approach to controls or incomplete controls set-up, and a weak and inefficient control environment, which may result in inadequate processes and reportage (ITGI 2006).

According to COSO (2004), the ERM integrated framework significantly reduces risks for all types of industries, as this framework recognizes effective enterprise risk management processes and applies them in the context of strategic development. According to Ramos (2004), the COSO framework divides IT controls into computer controls and application specific controls. On the other hand, the ERM framework requires ongoing feedback of information from throughout the company (COSO 2005) to support risk assessment.
Similarly, the ITGI also developed COBIT (Control Objectives for Information and related Technology) to address the need for frameworks that address IT issues and provide guidance for IT professionals. COBIT involves provisions of information for achieving organizational objectives, IT processes and resources management. The framework provides a standardized guidance resource for structuring IT controls to comply with Section 404 of SOX (Damianides 2005). Thus, COBIT represents a collection of documents that provide guidance for IT governance, control and assurance. According to the ITGI (2006) report on COBIT, it is a framework for comparing with other frameworks, and provides guidance for process compliance and improvement. The role of IT is magnified under this framework as it addresses issues related to IT by mapping its activities to business drivers, and outlining risks of non-compliance such as:
• Misaligned IT services, divergence
• Weak support of business goals due to misalignment
• Wasted opportunities due to misalignment
• Persistence of the perception of IT as a black box
• Shortfall between management's measurements and expectations
• Know-how tied to key individuals, not to the organisation
• Excessive IT cost and overhead
• Erroneous investment decisions and projections
• Dissatisfaction of business users with IT services supplied
(ITGI 2006). Under the COBIT framework, organizations must satisfy the quality and security requirements of their information systems for all assessments. The management has the principal role in optimizing IT resources through applications, infrastructure and personnel usage. The process involves entrusting responsibilities and objective achievements throughout the organization, through an enterprise-wide IT architecture.
Unlike the COSO framework, COBIT provides guidance for good practice for domain processes within the framework, including specifying activities and executing processes. However, its main focus is on internal control, rather than merely on execution, as COBIT identifies control objectives for planning and organization; acquisition and implementation; delivery and support; and monitoring and evaluation to be integrated within the IT infrastructure. This ensures the internal control system is in place within the IT environment (ITGI 2006). In line with the above, ISO 17799 has also been established to measure security controls within an IT environment. ISO 17799 emerged as the Information Security Code of Practice from the UK's Department of Trade and Industry and was revised by the British Standards Institute in 1995. It underwent many changes before it adopted its present status. The document outlines a set of standards that covers organizational security, asset classification and control, personnel security, physical and environmental security, access control, system development and maintenance, business continuity management and compliance (ISO 27002 Central 2007). In addition to ISO 17799, a revised version, BS7799-2 / ISO27001, was published in 2002 to add a specification for an Information Security Management System (ISMS). This part takes into account the measurement, monitoring and control of security management (ISO 27002 Central 2007). ISO 17799 implementation involves organization of different areas of the business within its framework. For example, it involves setting up objectives to ensure that business activities and processes are not disrupted, by developing controls for system access to information, unauthorized access, network security and unauthorized computer access, and to ensure information security is in place for mobile computing.
Furthermore, ISO 17799 also has provisions for system development and maintenance that ensure operational systems, data application systems, confidentiality and integrity frameworks. Under the ISO 17799 framework, controls are defined through legal and business requirements, cost of implementation and potential impact of a security breach (ITGI 2006). The ISO 17799 framework not only ensures compliance through security, but also extends external controls to avoid breaches of criminal or civil law and of statutory, regulatory and contractual obligations (ISO 27002 Central 2007). Overall, it is the organization's security which is the main objective of ISO 17799. However, in terms of SOX compliance, this framework is limited as it focuses on IT control implementation exclusively (ISO 17799 and Computer Security News 2007). Even though it does not relate to SOX entirely, non-compliance exposes companies to risk of information disclosure, such as loss of confidence and trust; incomplete risk assessment; lack of security awareness within the organization; third party interaction and interference in the organization; and flawed procedures (ITGI 2006). The ITIL is another framework based on a series of publications of eight books that outline best practice for IT service management. It has been established by the Central Computer and Telecommunication Agency (CCTA) (or British Office of Government Commerce) (ITGI 2006). ITIL defines service processes, quality, objectives and implementation of control for IT organizations. The books are guides for addressing effective IT function through operation and maintenance of existing systems; development of new systems; and adjustment of service delivery for evolving requirements of the business. The key concepts that ITIL addresses are holistic IT service management and customer orientation.
The processes involve incident, problem, configuration, change, and release management, apart from best practices such as service level management, financial management for IT services, capacity management, business continuity and availability management. Non-compliance results in error-prone support processes (ITGI 2006). Despite the presence of these frameworks (and many others), there are no guarantees against exposure of financial reportage to data risks. According to Brown and Nasuti (2005), these frameworks do not necessarily mean SOX compliance, as they are dependent on the company's ability to identify, choose and implement particular framework(s). They are of the view that the frameworks adopted contribute towards strategy, architecture and planning of IT processes and enable executives to manage, anticipate and assemble technologies and methodologies for continuously improving the IT environment, but they do not help prevent fraud. SOX provisions are applicable not only in publicly traded companies, but also in the internal control environment of private companies, though their processes may differ from firm to firm. The choice of a particular framework, thus, depends on the efficacy of IT infrastructure alignment with the business objectives, the challenges it poses to IT governance, systems development and competencies, and change management initiatives. It also depends upon the implementation of risk management approaches and the ways organizations identify success factors for implementation. SOX complexity does not end in the choice of framework or effects of non-compliance. SOX audit is an area that has raised major concerns among auditors. Auditors are responsible for bookkeeping, financial information systems, valuation services, investment services, legal services and actuarial services that are related to managerial functions and investment activities.
Yet SOX provisions, according to Tackett, Wolf and Claypool (2006), prohibit consulting activities by independent auditors. The restriction includes management assessment and attestation on effectiveness. The basic premise for setting these restrictive provisions is to curb independent auditors from assisting management in establishing internal controls for management processes, delegation and responsibilities. Though SOX compliance allows for corrective feedback, testing of activities, and assistance in approval of processes, it does not provide for interference from independent auditors. As a result, SOX audit provisions mandate self-audit by non-audit consulting service providers. It also mandates auditors to provide one report on financial statements, and three relating to ICOFR (internal controls over financial reporting), so as to ensure reports are independent and may contain unqualified opinion over internal control of financial reportage. SOX enactment has demonstrated that there is a great need for improving corporate responsibility and restoring investor confidence in US public companies. The setbacks caused by corporate scandals have intensified the need to establish regulations that would apply strict rules for accountability, disclosure and reporting (ITGI 2004). The emphasis on Section 404 requires senior management and business owners to reconsider their present internal control structure. As compliance with SOX means redesign of the internal control structure, where IT nowadays plays a critical role in financial reporting processes, organizations are gradually appreciating the mandates outlined by SOX. However, for the majority, there is still a gap which SOX has not addressed: IT's role in SOX. Although SOX has not clearly identified IT control as part of SOX compliance, IT has nevertheless become an apparently vital internal control, as without IT systems, data and infrastructure components financial reporting would be incomplete.
This distinction leads the researcher to understand that IT has the critical role of laying the foundation for internal control for SOX compliance. This is inherent in the fact that modern organizations use information technology and their systems for establishing control over financial reporting. IT internal control is synonymous with gate keeping and, in essence, meets the requirements of SOX. Given the above rationale and background, the researcher proposes research in the following contexts: What are the scope, narrative and control matrix for IT professionals within the SOX environment? Are the frameworks for SOX implementation effective in achieving SOX objectives? How can organizations identify, choose, create and implement a control matrix that is congruent with SOX compliance, keeping IT's role in mind? And lastly, how can organizations enhance the role of IT internal control in SOX compliance? The researcher understands that there is a critical link between SOX compliance and IT, as it has been emphasized by the various frameworks recommended by SOX. Even though SOX does not specify which frameworks to choose, the researcher assumes that current frameworks established by ITGI, CCTA and ISO are the ones accepted by the law, organizations and professionals. The researcher also assumes that SOX compliance has become a mandate, rather than an option. In the research that ensues, the researcher shall assume that organizations that adopt SOX compliance have defined IT infrastructures and are keen on building upon IT internal control, conducive to transparent, accurate and reliable financial information. However, these assumptions place certain limitations on the research. They exclude organizations which may not have adopted IT infrastructure for financial reporting, such as small private enterprises, which are not required by law to disclose financial information to the public.
They also limit the study to organizations that are not affected by SOX, for example, foreign firms that do not rely on IT systems for financial reporting and are not affected by US laws. Nevertheless, the researcher is of the view that IT internal control is not only a SOX compliance mandate currently, but also a requirement for successful organizations. It is important for organizations to have internal control in place, regardless of SOX compliance, in order to remain competitive in business. For these reasons, the researcher shall bypass the limitations and assume that organizations, whether large or small, require SOX internal control frameworks for compliance. The purpose of the research is to explore SOX in the context of IT internal control frameworks. As outlined in the above literature, this is critical for SOX compliance as well as for laying the foundation for IT infrastructure building. Thus, the research shall be relevant to legislative officials and SOX compliant interpreters who need to understand the gap, if any, for compliance. Moreover, it is relevant for IT professionals who are involved in exploring, establishing and aligning IT control within the SOX context. They would find the study enumerative in understanding IT relevance under SOX as well as how they could better its objectives. For student researchers, the study may act as a platform for furthering research in the areas of IT internal control matrix, frameworks creation and competitive advantage through SOX compliance, which shall be touched upon briefly. Academicians shall find the research enumerative as it explores various options for SOX internal control frameworks through a study of dimensions in implementation. The choice of research methodology largely depends upon the concepts being explored. The validity of the choice of research methodology also depends on the issue's rationale adopted for discussing the topic.
In the course of the research conducted for the proposal, the researcher has found that understanding SOX compliance may require a theoretical exploration and at the same time measurement of its effectiveness and efficacy. In this context, the researcher may adopt a quantitative or qualitative approach. A quantitative approach refers to quantitative measures based on primary observations and empirical findings (Stenbacka 2001). On the other hand, a theoretical exploration requires a qualitative approach. Qualitative research involves extensive research based on concepts, theories and ideas studied by other experts before the researcher can reach his/her own conclusions (Sykes 1991). This is not all; the choice of research approach also depends on reasoning. Critical thinking requires that one understands the rationale behind the results acquired. Rationale choice can be categorized into inductive or deductive. Deductive reasoning refers to a process of generalization before narrowing it down to the research problem or issue. Alternatively, inductive reasoning refers to inquiry that is based on a specific problem or issue, and explores it to establish generalizations. Whichever rationale approach is adopted, the researcher must determine it in the context of its relevance to the research problem (Hyde 2000). In the context of the above proposal, the researcher shall aim to adopt a combination approach of quantitative and qualitative methods so as to comprehensively test the validity of the questions proposed. The combination of deductive and inductive reasoning, on the other hand, shall enable the researcher to understand the problem issue of SOX compliance within the IT environment dynamically.

References

Author not available (2007) Caterpillar and Internal Controls. Sarbanes-Oxley UK. Online accessed on 22 June 2007 from: https://www.sarbanesoxleyuk.co.uk/asarbanesoxleyuka366306.htm
Author not available (2007) Tighter Sarbanes-Oxley Called For. Sarbanes-Oxley UK. Online accessed on 22 June 2007 from: https://www.sarbanesoxleyuk.co.uk/asarbanesoxleyuka366211.htm
Brown, W. and Nasuti, F. (2005) What ERP systems can tell us about Sarbanes-Oxley. Information Management & Computer Security Vol. 13 No. 4, pp. 311-327
Carter, C. (2007) Compliance Through Self-assessment. The Internal Auditor 64 no. 2 pp. 69-72
Chan, S. (2004) Sarbanes-Oxley: the IT dimension: information technology can represent a key factor in auditors' assessment of financial reporting controls. Internal Auditor, February Issue.
COBIT Mapping: Overview of International IT Guidance, 2nd Edition. ITGI 2006.
COSO (2005), "FAQs, for COSO's enterprise risk management – integrated framework", COSO. Online accessed on 22 June 2007 available at: www.coso.org/Publications/ERM/erm_faq.htm
Damianides, M. (2005) Sarbanes-Oxley and IT Governance on IT Control and Compliance. Information System Management 77 Winter Issue.
Fletcher, M. (2006) Five Domains of Information Technology Governance for Consideration by Boards of Directors. Capstone Report.
Hyde, K. F. (2000), Recognising deductive processes in qualitative research. Qualitative Market Research: An International Journal, Volume: 3 Issue: 2 pp. 82-90
ISO 27002 Central (2007) The A-Z Guide for BS7799 AND ISO17799. ISO 27002 Central.
ITGI (2000) Aligning COBIT®, ITIL® and ISO 17799 for Business Benefit. A Management Briefing from ITGI and OGC.
ITGI (2004) IT Control Objectives for Sarbanes-Oxley: The Importance of IT in the Design, Implementation and Sustainability of Internal Control Over Disclosure and Financial Reporting. ITGI.
ITGI (2005) Information Risks: Whose Business Are They? IT Governance Institute Report.
Kendall, K. (2007) Streamlining Sarbanes-Oxley Compliance. The Internal Auditor 64 no. 1 pp. 38-42, 44
Patterson, E. R. and Smith, J. R. (2007) The Effects of Sarbanes-Oxley on Auditing and Internal Control Strength. The Accounting Review Vol. 82, No. 2. pp. 427-455.
Ramos, M. (2004), How to Comply with Sarbanes-Oxley Section 404, Wiley, Hoboken, NJ.
Rasch, M. (May 3, 2005) Sarbanes Oxley for IT security? Security Focus. The Register. Online accessed on 22 June 2007 from: https://www.theregister.co.uk/2005/05/03/sarbanes_oxley_for_it_security/
Risk Associates (2007) ISO 17799 and Computer Security News. Risk Associates. Online accessed on 22 June 2007 available at: https://www.computersecuritynow.com/index.htm
Rittenberg, L. E., Martens, F. and Landes, C. E. (2007) Internal Control Guidance. Journal of Accountancy 203 no. 3 pp. 46-7, 49-50
Romano, R. (2005) The Sarbanes-Oxley Act and the Making of Quack Corporate Governance. Yale Law Journal. Vol. 114. Issue: 7 pp. 1521+
Roth, J. (2007) MYTH vs. REALITY: Sarbanes-Oxley and ERM. The Internal Auditor 64 no. 2 pp. 55-60
Stenbacka, C. (2001) Qualitative Research Requires Quality Concepts of Its Own. Management Decision 39/7 pp. 551
Sykes, W. (1991) Taking stock. Journal of the Market Research Society, Vol. 33, No. 1, pp. 3
Tackett, J. A., Wolf, F. and Claypool, G. A. (2006) Internal control under Sarbanes-Oxley: a critical examination. Managerial Auditing Journal, Volume 21 Number 3 pp. 317-323