Sarbanes-Oxley Problem
On July 30, 2002, the Sarbanes-Oxley Act of 2002 was signed into law (Hooley, 2005). The Act applies publicly held companies and their audit firms. It dramatically affects the accounting professions and CPAs working as an auditor of a publicly traded company. In response to a wave of high-profile corporate crime such as the Enron debacle, Congress passed the Sarbanes-Oxley Act of 2002 ("Sarbanes-Oxley"), and President Bush signed the act into law on July 30, 2002. Sarbanes-Oxley was enacted to protect investors by combating corporate crime and improving corporate governance. As many commentators have noted, Sarbanes-Oxley requires companies to implement extensive corporate governance policies to prevent and timely respond to fraudulent activity within the company. For example, Sarbanes-Oxley expressly requires publicly traded companies to create anonymous hotlines for the reporting of fraud, and it requires executives to certify that their financial statements are accurate (Hooley, 2005).
Other provisions require companies to closely review their policies and procedures regarding internal investigations, and implement the necessary processes and tools to respond timely and effectively to reports of fraudulent activity. With the vast majority of information now generated in digital format, the recovery and analysis of digital data is the primary process for internal corporate investigations. In other words, for effective self-policing, including the timely detection and response to reports of fraudulent activity, companies must have the ability to acquire, search and preserve electronic data related to fraudulent activity ( Patzakis, 2003). Many companies, however, are ill-equipped to acquire the necessary electronic data ...