Saturday, May 23, 2020

Sarbanes-Oxley Act - Free Essay Example

Sample details Pages: 16 Words: 4948 Downloads: 2 Date added: 2017/06/26 Category Law Essay Type Narrative essay Did you like this example? Implementing Sarbanes-Oxley within an Environment: Understanding the controls used to implement Sarbanes-Oxley within an environment Recent high-profile corporate scandals (Enron, WorldCom, Tyco and Arthur Andersen etc.) have shattered the trust, of shareholders, legislators and authorities, in major publicly traded companies and have raised concerns for the state of corporate governance, not only in the United States, but also in other countries of the world. The United Kingdom is not immune to the wave of business fraud, corporate scandals, legislation changes and corporate environment restrictions. With the filing of bankruptcies, the US government had taken immediate action to prevent fraud in the future by enacting the Sarbanes-Oxley Act of 2002 (SOX), administered by the Securities and Exchange Commission (SEC). Similar restrictions and legislations have also been adopted in the UK, in an attempt to curb fraudulent acts from proliferating to the other sid e of the Atlantic through multinational public companies trading in the UK. SOX is a legislation designed to eliminate financial fraud and misstatements by greedy executives, unethical corporate practices and non-transparent business transactions. While SOX has redefined the roles, responsibilities and expectations of the board of directors, internal and external auditors, it has also reformed the practices within organizations. At the heart of the enactment of SOX is the implementation of control to oversee senior management, to secure accurate financial reporting information. Two major requirements of SOX are disclosure of material events and contingent liabilities (Rasch 2005). For this purpose, the role of information technology security has become enhanced, as it is expected to ensure transparency in decision-making, reliability and integrity in the system of disclosure. Yet IT experts are of the view that IT has a vague role in making SOX effective. IT security in SOX conte xt is limited to the extent of enhancing reliability and integrity in reporting, and it does not contribute towards prevention of fraud or unethical corporate behaviours. It cannot prevent senior management from engaging in financial misstatements; neither can it curb executives from over-arching organizational controls and processes. The questions that arise then are à ¢Ã¢â€š ¬Ã‹Å"what is the role of IT under SOX? What are the scope, narrative and control matrix for IT professionals within SOX environment? Are the frameworks for SOX implementation effective in achieving SOX objectives?à ¢Ã¢â€š ¬Ã¢â€ž ¢ Before the researcher attempts to answer these questions, a brief background to the emergence of SOX, and why it is needed, must be explored. The turn of the century saw a series of corporate scandals of companies such as Enron, WorldCom and Tyco etc. Their executives had been involved in unethical corporate practices that affected shareholders and stakeholders, alike. Enron and WorldCom filed for bankruptcies (which were followed suit by others) as a result of fraudulent accounting practices and executives greed. Not long before the issues surrounding Enron and WorldCom were resolved, Arthur Andersen, the auditing firm, was charged for malpractice, especially in non-disclosure of fraudulent financial transactions and reportage. At the time, not only the morals of corporate executives had come under scrutiny, but the gatekeepers of the same companies, namely the auditors, had also been questioned of their ethical conduct. The environment of corporate America had become scandalized. The public had become concerned and demanded immediate reforms for curbing more firms from engaging in similar practices. The demand for vigilant corporate governance, in the form of policies, as well as law, increased. The collusion of financial reporting fraud and audit fraud had led to the need for provisions that would keep tight control over accounting and auditing activiti es, and to mandate compliance procedures that require executive certification, independent audit, and provisions for binding organizations to securities regulations (Romano 2005). The onset of the election, as well as the anxious public, pressured Congress to pass a legislation to indict companies for fraud and to restate the status of the American economy. The result had been the enactment of the Sarbanes-Oxley Act of 2002. The Act, according to Rasch (2005), imposes significant accounting and control requirements on U.S. publicly owned companies (and probably on foreign companies which are either traded on U.S. exchanges or which make up a significant part of a U.S. companys financial reporting). SOX addresses the Enron scandal by establishing controls that would require the need for paper trails of audit activities; it mandates auditor independence; it enhances corporate responsibility; it requires executive accountability; and, more importantly, it establishes control systems by setting a series of compliance policies (Rasch 2005). Control refers to processes, in business or IT environment, whereby, internal controls over financial information generation, access, collection, storage, processes, transmission and usage are governed by a set of guidance. To formalize, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) provides guidelines for financial reporting processes and financial information recording, storage and access. Similarly, for IT auditors relevant guidelines, COBIT (Control Objectives for Information and Related Technologies), had been formed to provide an open standard established by the IT Governance Institute (ITGI), and the Information Systems Audit and Control Association. In the UK, this type of internal controls have been taken up by the IT Infrastructure Library (ITIL), published by the Office of Government Commerce (Rasch 2005). The basic premise for adopting the SOX standard (in the UK or otherwise) f or internal controls over IT infrastructure, is to ensure no repetition of the American dilemma, should it occur among UK corporations. After the American scandals, the government and securities commission realize there is a great need for internal controls to emphasize disclosure, both in terms of material events and contingent liabilities, to prevent bottom-line impact. Moreover, SOX is primarily enacted for the purpose of setting standards for accurate financial reporting information. Since, in modern organizations, there is a great reliance on information technology for transfer, store, access and process information, this means IT and its systems have to be reliable and dependable, in order to gear for transparent transaction, certification and compliance. However, before one can fully establish IT responsible for effective SOX compliance, one needs to understand that accurate financial reporting entails processes and elements that do not necessarily have direct link to fina ncial reportage. For example, decisions of board of directors, top company officials, as well as internal and external auditors, securities exchange authorities and so on (Tighter Sarbanes-Oxley Called For 2007), may not necessarily link with IT. Similarly, processes of risk assessment, control activities, monitoring, information and communications form the basis for accurate financial reportage. IT facilitates these activities, but may not be contingent for its accuracy. For these reasons, SOX has established sets of compliance and controls for companies to follow (Caterpillar and Internal Controls 2007). Although, the details of these compliances do not identify IT responsible for controlling fraud per se, nevertheless, it does enhance the role of IT departments and professionals within companies as gatekeepers. For example, Section 404 requires checking of internal controls, which means the implementation of COSO Framework is necessary. In Chans (2004) work, the author outlines t hat the Public Company Accounting Oversight Board (PCAOB), which sets auditing standards under SOX, refers to IT as affecting companys internal control over financial reporting. She writes: Because systems process and system-generated entries are an integral part of financial reporting, general IT and application controls should be documented and evaluated based on a disclosure and management assessment framework that is compatible with business-process mapping, to enhance consistency and quality. By the same token, the IT environment must be reviewed, along with the overall control environment, for the organization. Simply put, IT governance is an essential component and contributor to financial governance. (Chan 2004). In this context, IT becomes the processing environment that holds many key controls critical for SOX compliance. However, before one can qualify an organization as SOX compliant, its IT control activities need to meet specific criteria. Chan (2004), for example, points to the following assessment criteria: a. IT dependent business environment b. IT processes significant to business activities c. deficiency in IT solutions d. high risk due to computer operations e. organization processes, especially financial reports, dependent on computer processing. f. business based on enterprise-wide systems g. financial application systems used for transactions, interaction and recording of accounts h. dependence on IT processes for enterprise business end-to-end processes i. IT processes managed by third party outsource Apart from the above, the ITGI considers management of IT risks critical for IT governance and compliance. Risk, according to its report, exposes organizations to IT failures. IT related risks impact on business by exposing the business to operational crash, security breach or failed project. Technical complexity, dependence on service providers, limitation of reliable risk-monitoring information systems re sult in improper governance and risks. Implementation of frameworks, such as COSO, develop readily usable enterprise risk management programmes. Moreover, they provides guidance and direction for overcoming risks, and implement corporate governance, new legislations, regulations and standards (ITGI 2005). Chan (2004) further notes that SOX compliance means reporting rise from the transaction level all the way to its final destination in the financial statements. Processes involved in dissemination of information related to it, depend on the manual and automated controls of the IT framework. For this reason, IT control weaknesses often result in poor compliance and accountability. IT controls, therefore, must be business-driven. More importantly, it must follow a standardized framework that separates common information from sensitive ones, to minimize risks, as well as promote harmonization, of IT, internal auditing, finance and business units. SOX does not require organizations t o simply implement standard controls, but rather encourages organizations to assess and evaluate internal controls to devise efficient and least intrusive control information documentation, policies and methodologies (Chan 2004). Having said that, experts (Kendall 2007; Carter 2007; Roth 2007) are of the view that SOX compliance is still at its rudimentary stage as organizations in America and in other parts of the world are still grasping its compliance mandates. Kendall (2007), for example, cites organizations as still uncertain of an effective system of control over financial reporting. Provisions within SOX do not provide guidance for successful implementation of controls based on SOX mandates. As a result, companies are relying on their internal controls assessments and testing, to achieve control objectives relevant to SOX requirements, such as examination of risks, create IT risk inventory, reducing controls, consolidating controls, standardizing processes, monitoring chan ges and streamlining processes. Carter (2007) notes that CSA (control self-assessment) techniques are useful in identifying opportunities for improvement. The technique involves bringing together individuals from different business units of the organization, to gather information on company processes. The session encourages evaluation and redesigning of processes to provide accurate and timely documentation, financial and otherwise. Roth (2007) notes that the ERM (enterprise risk management) technique implies that SOX compliance does not necessarily result in prevention of fraud in the IT context. In fact, other frameworks are more effective in identifying, monitoring and assessing risks associated with IT systems and processes. As mentioned earlier, SOX does not really specify any framework for implementing internal controls. It merely mentions Internal Control and Integrated Framework. Internal control is just as ambiguous, as it means different things for different people. It is likely that miscommunication may occur as a result of different expectations and perceptions of internal control for SOX compliance. For example, internal control, according to COSO, can be defined as, a process, effected by an entitys board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives (COSO 2004). However, for different organizations, the composition of these elements and processes may differ. Furthermore, according to Damianides (2005), SOX legislation has created a great need for business to have IT internal control in place, to ensure data reliability and maintenance of ethical activities. It requires processes to be aligned with the Acts Section 302 and 404. Section 302 entrusts the responsibility of financial statements certification and disclosures to CEOs (chief executive officers) and CFOs (chief financial officers), while Section 404 requires internal controls of financial reportage wit hout actually outlining guidance or procedures for implementing them. Indeed, it has been the ITGI that has come up with the COSO international control framework for financial reporting. The COSO framework is based on the following objectives: Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations Thus, internal control is a process, affected by people and expected to provide reasonable assurance and achievement of objectives of one or more overlapping categories (Damianides 2005). The COSO framework follows the Public Company Accounting Oversight Board (PCAOB) and addresses issues related to: * Segregating accounting duties. * Developing effective boards and audit committees. * Managing with wider spans of control. * Implementing sound information technology controls. * Documenting the design and operation of controls. (Rittenberg, Martens and Landes 2007). The COSO framework outlines principles and components for effective risk management processes as well, which is why it is often confused with the ERM (enterprise risk management). The implementation process of COSO involves identification, assessment, response and controls set up and aligned with its strategic plans. The framework emphasizes on enterprise risk management responsibilities and activities that would result in achieving organizational objectives. To ensure that management processes are in place and function according to SOX compliance, an integrated framework can be set up based on COSO guidance. It encourages identification of risk, assessment of companys strategies, and ways to invest in setting up an internal control framework such as investment in effective ERM, establishing effective technology controls and relate it with financial reporting. COSO implementation differs from other internal control framework, as it is broader and incorporates concepts from various risk management stra tegies, set up and techniques. It requires external and internal control for financial reportage for SOX Section 404 compliance. As a result, not only the board of directors, but management executives, along with CFO and CIO, become part of the disciplines and procedures for establishing internal control framework (COSO 2004). On the other hand, non-compliance of COSO implementation may result adversely in terms of non-systematic approach for controls or incomplete controls set up, weak and inefficient control environment, which may result in inadequate processes and reportage (ITGI 2006). According to COSO (2004), ERM integrated framework significantly reduces risks for all types of industries, as this framework recognizes effective enterprise risk management processes and applies it in the context of strategic development. According to Ramos (2004), the COSO framework divides IT controls into computer controls and application specific controls. On the other hand, the ERM framework requires ongoing feedback of information from throughout the company (COSO 2005) to support risk assessment. Similarly, the ITGI also developed COBIT (Control Objectives for Information and related Technology) to address the need for frameworks that address IT issues and provide guidance for IT professionals. COBIT involves provisions of information for achieving organizational objectives, IT processes and resources management. The framework provides a standardized guidance resource for structuring IT controls to comply with Section 404 of SOX (Damianides 2005). Thus, COBIT represents a collection of documents that provide guidance for IT governance, control and assurance. According to the ITGI (2006) report on COBIT, it is a framework for comparing with other frameworks, and provide guidance for process compliance and improvement. The role of IT is magnified under this framework as it addresses issues related to IT by mapping its activities to business drivers, and outlining ri sks of non-compliance such as: à ¢Ã¢â€š ¬Ã‚ ¢ Misaligned IT services, divergence à ¢Ã¢â€š ¬Ã‚ ¢ Weak support of business goals due to misalignment à ¢Ã¢â€š ¬Ã‚ ¢ Wasted opportunities due to misalignment à ¢Ã¢â€š ¬Ã‚ ¢ Persistence of the perception of IT as a black box à ¢Ã¢â€š ¬Ã‚ ¢ Shortfall between managementà ¢Ã¢â€š ¬Ã¢â€ž ¢s measurements and expectations à ¢Ã¢â€š ¬Ã‚ ¢ Know-how tied to key individuals, not to the organisation à ¢Ã¢â€š ¬Ã‚ ¢ Excessive IT cost and overhead à ¢Ã¢â€š ¬Ã‚ ¢ Erroneous investment decisions and projections à ¢Ã¢â€š ¬Ã‚ ¢ Dissatisfaction of business users with IT services supplied (ITGI 2006). Under the COBIT framework, organizations must satisfy the quality and security requirements of their information systems for all assessments. The management has the principle role in optimizing IT resources through applications, infrastructure and personnel usage. The process involves entrusting responsibilities and objective achievements throughout the organization, through an enterprise wide IT architecture. Unlike the COSO framework, COBIT provides guidance for good practice for domain processes within the framework, including specifying activities and executing processes. However, its main focus is on internal control, rather than merely on execution, as COBIT identifies control objectives for planning and organization; acquisition and implementation; delivery and support; and monitoring and evaluation to be integrated within the IT infrastructure. This ensures the internal control system is in place within the IT environment (ITGI 2006). In line with the above, ISO 17799 has also been established to measure security controls within an IT environment. ISO 17799 emerged as Information Security Code of Practice from the UKs Department of Trade and Industry and revised by the British Standards Institute in 1995. It underwent many changes before it adopted its present status. The document outlines a set of standards that covers organizational security, asset classification and control, personnel security, physical and environmental security, access control, system development and maintenance, business continuity management and compliance (ISO 27002 Central 2007). In addition to ISO 17799, a revised version BS7799-2 / ISO27001 in 2002 has been published to add specification for Information Security Management System (ISMS). This part takes into account of measure, monitor and control of security management (ISO 27002 Central 2007). ISO 17799 implementation involves organization of different areas of the business within its framework. For example, setting up of objectives to ensure business activities and processes are not disrupted by developing system access control of information, unauthorized access, network security, unauthorized computer access and ensure information security is in place for mobile computing. Furthermore, ISO 17799 also have provisions for system developmen t and maintenance that ensure operational systems, data application systems, confidentiality and integrity frameworks. Under the ISO 17799 framework, controls are defined through legal and business requirements, cost of implementation and potential impact of security breach (ITGI 2006). The ISO 17799 framework not only ensures compliance through security, but also extends external controls to avoid criminal or civil law, statutory, regulatory and contractual activities (ISO 27002 Central 2007). Overall, it is the organizations security, which is the main objective of ISO 17799. However, in terms of SOX compliance, this framework is limited as it focuses on IT control implementation exclusively (ISO 17799 and Computer Security News 2007). Even though it does not relate to SOX entirely, non-compliance exposes companies to risk of information disclosure, such as loss of confidence and trust; incomplete risk assessment; lack of security awareness within the organization, third party int eraction and interference in the organization; and flawed procedures (ITGI 2006). The ITIL is another framework based on a series of publications of eight books that outline best practice for IT service management. It has been established by the Central Computer and Telecommunication Agency (CCTA) (or British Office of Government Commerce) (ITGI 2006). ITIL defines service processes, quality, objective and implementation of control for IT organization. The books are guides for addressing effective IT function through operation and maintenance of existing systems; development of new systems, and adjustment of service delivery for evolving requirements of the business. The key concepts that ITIL addresses are holistic IT service management and customer orientation. The processes involve incident, problem, configuration, change, and release management, apart from best practices, such as service level management, financial management for IT services, capacity management, business con tinuity and availability management Non-compliance results error-prone support processes (ITGI 2006). Despite the presence of these frameworks (and many others), there are no guarantees for financial reportage exposure to data risks. According to Brown and Nasuti (2005), these frameworks do not necessarily mean SOX compliance, as they are dependent on the companys ability to identify, choose and implement particular framework(s). They are of the view that the frameworks adopted contribute towards strategy, architecture and planning of IT processes and enables executives to manage, anticipate and assemble technologies and methodologies for continuously improving IT environment, but they do not help prevent fraud. SOX provisions are applicable not only in publicly traded companies, but also in internal control environment of private companies, though their processes may differ from firm to firm. The choice for adopting particular framework, thus, depends on the efficacy of IT infra structure alignment with the business objectives, the challenges it poses to IT governance, systems development and competencies and change management initiatives. It also depends upon the implementation of risk management approaches and ways organizations identify success factors for implementation. SOX complexity does not end in the choice of framework or effects of non-compliance. SOX audit is an area that has raised major concerns among auditors. Auditors are responsible for bookkeeping, financial information systems, valuation services, investment services, legal services and actuarial services that are related to managerial functions and investment activities. Yet SOX provisions, according to Tackett, Wolf and Claypool (2006), prohibit consulting activities by independent auditors. The restriction includes management assessment and attestation on effectiveness. The basic premise for setting these restrictive provisions is to curb independent auditors from assisting manageme nt in establishing internal controls for management processes, delegation and responsibilities. SOX compliance, though, allows for corrective feedback, testing of activities, and assistance in approval of processes, it does not provide interference from independent auditors. As a result, SOX audit provisions mandate self-audit by non-audit consulting service providers. It also mandates auditors to provide one report on financial statements, and 3 relating to ICOFR (internal controls over financial reporting), so as to ensure reports are independent and may contain unqualified opinion over internal control of financial reportage. SOX enactment has demonstrated that there is a great need for improving corporate responsibility and restore investor confidence in the US public companies. The setbacks by corporate scandals have intensified the need to establish regulations that would apply strict rules for accountability, disclosure and reporting (ITGI 2004). The emphasis on Section 40 4 requires senior management and business owners to reconsider their present internal control structure. As compliance to SOX means redesign of internal control structure, where IT plays a critical role nowadays, for financial reporting processes, organizations are gradually appreciating the mandates outlined by SOX. However, for the majority, there is still a gap which SOX has not addressed: ITà ¢Ã¢â€š ¬Ã¢â€ž ¢s role in SOX. Since SOX has not clearly identify IT control as part of SOX compliance, nevertheless, IT has become an apparent vital internal control, as without IT systems, data and infrastructure components financial reporting would have been incomplete. This distinction leads the researcher to understand that IT has the critical role of laying the foundation for internal control for SOX compliance. This is inherent in the fact that modern organizations use information technology and their system for establishing control over financial reporting. IT internal control is sy nonymous with gate keeping and, in essence, meets the requirements of SOX. Given the above rationale and background, the researcher proposes research in the following contexts: What are the scope, narrative and control matrix for IT professionals within SOX environment? Are the frameworks for SOX implementation effective in achieving SOX objectives? How can organizations identify, choose, create and implement a control matrix that is congruent with SOX compliance keeping ITs role in mind. And lastly, how can organizations enhance the role of IT internal control in SOX compliance? The researcher understands that there is a critical link between SOX compliance and IT, as it has been emphasized by the various frameworks recommended by SOX. Even though SOX does not specify which frameworks to choose, the researcher assumes that current frameworks established by ITGI, CCTA and ISO are the ones accepted by the law, organizations and professionals. The researcher also assumes that SOX compliance has become a mandate, rather than an option. In the research that ensues, the researcher shall assume that organizations that adopt SOX compliance have defined IT infrastructures and are keen on building upon IT internal control, conducive to transparent, accurate and reliable financial information. However, these assumptions place certain limitations in the research. They exclude organizations, which may not have adopted IT infrastructure for financial reporting, such as small private enterprises, which are not required by law to disclose financial information to the public. They also limit the study to organizations that are not affected by SOX, for example, foreign firms that do not rely on IT systems for financial reporting and are not affected by US laws. Nevertheless, the researcher is of the view that IT internal control is not only a SOX compliance mandate currently, but also a requirement for successful organizations. It is important for orga nizations to have internal control in place, regardless of SOX compliance, in order to remain competitive in business. For these reasons, the researcher shall bypass the limitations and assume that organizations, whether large or small, require SOX internal control frameworks for compliance. The purpose of the research is to explore SOX in the context of IT internal control frameworks. As outlined in the above literature this is critical for SOX compliance as well as for laying the foundation for IT infrastructure building. Thus, the research shall be relevant to legislative officials and SOX compliant interpreters who need to understand the gap, if any, for compliance. Moreover, it is relevant for IT professionals who are involved in exploring, establishing and aligning IT control within the SOX context. They would find the study enumerative in understanding IT relevance under SOX as well as how they could better its objectives. For student researchers, the study may act as a pl atform for furthering research in the areas of IT internal control matrix, frameworks creation and competitive advantage through SOX compliance, which shall be touched upon briefly. Academicians shall find the research enumerative as it explores various options for SOX internal control frameworks through a study of dimensions in implementation. The choice for research methodology largely depends upon the concepts being explored. The validity of the choice of research methodology also depends on the issues rationale adopted for discussing the topic. In the course of the research conducted for the proposal the researcher has found that understanding SOX compliance may require a theoretical exploration and at the same time measurement for its effectiveness and efficacy. In this context, the researcher may adopt a quantitative or qualitative approach. Quantitative approach refers to quantitative measures based on primary observations and empirical findings (Stenbacka 2001). On the ot her hand, a theoretical exploration requires a qualitative approach. Qualitative research involves extensive research based on concepts, theories and ideas studied by other experts before the researcher can reach to his/her own conclusions (Sykes 1991). This is not all; research approach choice also depends on reasoning. Critical thinking requires that one understands the rationale behind the results acquired. Rationale choice can be categorized into inductive or deductive. Deductive reasoning refers to a process of generalization before narrowing it down to the research problem or issue. Alternatively, inductive reasoning refers to inquiries that is based on specific problem or issue, and explore it to establish generalizations. Whichever the rationale approach adopted the researcher must determine it in the context of its relevance to the research problem (Hyde 2000). In the context of the above proposal, the researcher shall aim to adopt a combination approach of quantitati ve and qualitative methods so as to comprehensively test the validity of the questions proposed. The combination of deductive and inductive reasoning on the other hand shall enable the researcher to understand the problem issue of SOX compliance within the IT environment dynamically. References Author not available (2007) Caterpillar and Internal Controls Sarbanes-Oxley UK. Online accessed on 22 June 2007 from: https://www.sarbanesoxleyuk.co.uk/asarbanesoxleyuka366306.htm Author not available (2007) Tighter Sarbanes-Oxley Called For Sarbanes-Oxley UK. Online accessed on 22 June 2007 from: https://www.sarbanesoxleyuk.co.uk/asarbanesoxleyuka366211.htm Brown, W. and Nasuti, F. (2005) What ERP systems can tell us about Sarbanes-Oxley. Information Management Computer Security Vol. 13 No. 4, pp. 311-327 Carter, C. (2007) Compliance Through Self-assessment. The Internal Auditor 64 no. 2 pp. 69-72 Chan, S. (2004) Sarbanes-Oxley: the IT dimension: information technology ca n represent a key factor in auditors assessment of financial reporting controls. Internal Auditor, February Issue. COBIT Mapping: Overview of International IT Guidance, 2nd Edition ITGI 2006. COSO (2005), à ¢Ã¢â€š ¬Ã…“FAQs, for COSOà ¢Ã¢â€š ¬Ã¢â€ž ¢s enterprise risk management à ¢Ã¢â€š ¬Ã¢â‚¬Å" integrated frameworkà ¢Ã¢â€š ¬Ã‚ , COSO. Online accessed on 22 June 2007 available at: www.coso.org/Publications/ERM/erm_faq.htm Damianides, M. (2005) Sarbanes-Oxley and IT Governance on IT Control and Compliance. Information System Management 77 Winter Issue. Fletcher, M. (2006) Five Domains of Information Technology Governance for Consideration by Boards of Directors. Capstone Report. Hyde, K. F. (2000), Recognising deductive processes in qualitative research. Qualitative Market Research: An International Journal, Volume: 3 Issue: 2 pp. 82 90 ISO 27002 Central (2007) The A-Z Guide for BS7799 AND ISO17799. ISO 27002 Central. ITGI (2000) Aligning COBIT ®, I TIL ® and ISO 17799 for Business Benefit. A Management Briefing from ITGI and OGC. ITGI (2004) IT Control Objectives for Sarbanes-Oxley: The Importance of IT in the Design, Implementation and Sustainability of internal Control Over Disclosure and Financial Reporting. ITGI. ITGI (2005) Information Risks: Whose Business Are They? IT Governance Institute Report. Kendall, K. (2007) Streamlining Sarbanes-Oxley Compliance. The Internal Auditor 64 no.1 pp. 38-42, 44 Patterson, E. R. and Smith, J. R. (2007) The Effects of Sarbanes-Oxley on Auditing and Internal Control Strength. The Accounting Review Vol. 82, No. 2. pp. 427-455. Ramos, M. (2004), How to Comply with Sarbanes-Oxley Section 404, Wiley, Hoboken, NJ. Rasch, M. (May 3, 2005) Sarbanes Oxley for IT security? Security Focus. The Register. Online accessed on 22 June 2007 from : https://www.theregister.co.uk/2005/05/03/sarbanes_oxley_for_it_security/ Risk Associates (2007) ISO 17799 and Computer Security Ne ws. Risk Associates. Online accessed on 22 June 2007 available at: https://www.computersecuritynow.com/index.htm Rittenberg, L. E., Martens, F. and Landes, C. E. (2007) Internal Control Guidance. Journal of Accountancy 203 no.3 pp. 46-7, 49-50 Romano, R. (2005) The Sarbanes-Oxley Act and the Making of Quack Corporate Governance. Yale Law Journal. Vol. 114. Issue: 7 pp. 1521+ Roth, J. (2007) MYTH vs. REALITY: Sarbanes-Oxley and ERM. The Internal Auditor 64 no. 2 pp. 55-60 Stenbacka, C. (2001) Qualitative Research Requires Quality Concepts of Its Own. Management Decision 39/7 pp. 551 Sykes, W. (1991) Taking stock. Journal of the Market Research Society, Vol. 33, No. 1, pp. 3 Tackett, J. A., Wolf, F. and Claypool, G. A. (2006) Internal control under Sarbanes-Oxley: a critical examination. Managerial Auditing Journal, Volume 21 Number 3 pp. 317-323 Don’t waste time! Our writers will create an original "Sarbanes-Oxley Act" essay for you Create order

Tuesday, May 12, 2020

I Am Against Video Games - Free Essay Example

Sample details Pages: 2 Words: 620 Downloads: 2 Date added: 2019/04/26 Category Entertainment Essay Level High school Tags: Video Games Essay Did you like this example? I am against video games because they promote violence, game addiction and expenditure. Video games are good when life gets bored and monotonous with the same schedule every day, but people nowadays have made gaming as their profession, which affects them adversely. Some of the games improves our knowledge and prepare us against the violence that can be found around our surrounding. Video games also brings our family members, relatives and friends together, since multiple player can play and enjoy at the same time. Certain types of video games increase our thinking capacity and improves our brain functioning too. Video games can also be used as good source of teaching and learning tools. There are lots of games in the market where the players have to kill their opponent characters in the game for the victory. It is good until this remains only in the game, but the younger generation tend to implement the violence into their reality. Video games are giving wrong message to the children that those who have lots of guns and can kill everyone are the strongest one. People learn shooting in video games and try to act same in real life which causes death of lots of people. People who play violent type of video games usually get angry very quickly for even a simple cause which affects their social life negatively and may also take a life of others. Children spending most of the time playing video games have difficulty in differentiating their reality and fictional life as a result they think killing and fighting is the only way to solve the problem. Video games also include pornography and different types of women violence which conveys wrong message to the young generation and increases violence in the society. Addiction towards video game is found common. People who do not like to leave playing video games in any situation are said to be addicted towards video games. Video games are designed in such a way that it can easily seek many peoples attention. Video games are designed in a sequence of difficulty level so, people would not be bored getting easy level and also people would not leave without playing thinking its tough. The downfall of people starts when they are addicted to video games as they do not go to work. Addicted children always want to play video game and ruin their study. People get mentally sick being around the video games every moment. People lose their responsibility towards family members and friends due to addiction of video games. Addicted people are so busy with their games, that they do not clean their surrounding and themselves. Video games occupies huge amount of budget in anyones expenses. Video gaming deals with a lot of technology. We need television, video games, controller and so on to enjoy gaming, which is not affordable by ordinary people. According to BestBuy, An XBOX ONE costs $299.99. This price is only for device, we also need to buy television and games for gaming which makes our gaming costlier. Lots of video games do not demand extra money at the time of buying but while we keep playing, we get options like upgrade characters, unlock next level, get extra lives and so on; which increases the expenses too. People get lots of health problems with their eyes and back pain by playing video games for long time which ultimately increases their expenses. Video games need electricity as the source of energy to operate which increases our electricity bill and adds an extra expense to people. The gaming company always try to make slight change in their new version of same game which makes people to spend extra money for the new version. Don’t waste time! Our writers will create an original "I Am Against Video Games" essay for you Create order

Wednesday, May 6, 2020

To what extent can Lord of the Flies be considered a Marxist piece Free Essays

string(208) " savage aspects are an inherent part of man’s nature \(there is an overriding will to survive in humans\) nevertheless in most instances this is suppressed to acceptable levels by the mores of society\." Lord of the Flies centres on a group of boys stranded on a tropical island when their plane crashes en route from England to Australia as part of an evacuation during an atomic war (hypothetical war.) The story is essentially an allegorical tale of the innate evil of man – good versus evil. Of the book, Golding said that he wrote it to illustrate how political systems cannot govern society effectively unless they take into consideration the inherent defects of human nature. We will write a custom essay sample on To what extent can Lord of the Flies be considered a Marxist piece? or any similar topic only for you Order Now Marxism is seen as the development from an oppressive capitalist society to an equal and classless society. Golding tries to set a utopian world within the island devoid of adult, societal constraints but in the end the innate animal characteristics of man come to the fore. Golding based his story on the 19th century novel ‘The Coral Island’ written by R M Ballantyne. Whereas Ballantyne’s novel, an adventure story of three boys stranded on a desert island, was optimistic, Golding’s is terrifyingly pessimistic. The novel was written shortly after World War II , in the early days of the Cold War when paranoia about communism was at its height. In the early 1950s many people were accused, often falsely, of being communists (the McCarthy era in the USA at this time is a good example of this.) It is within this context that Golding wrote Lord of the Flies. The battles between Ralph and Jack, the struggles between the Conch group and the Savages and above all the fight of good versus evil, originate in a degree of paranoia typical of the era in which the novel was written. Lord of the Flies’ reflects elements of Golding’s own life – his experiences during the war made him second guess the traditionally held belief that while society might be evil, man was inherently good. Golding had witnessed the evil in man, not just in the enemy but in his own allies (he was on the ship that sank the German ship Bismarck.) Golding said in his essay ‘Fable’ – originally given as part of a lecture series in 1962 – â€Å"My book was to say: you think that now the war is over and an evil thing destroyed, you are safe because you are naturally kind and decent. But I know why the thing rose in Germany. I know it could happen in any country. It could happen here.† The breakdown of order and discipline is prominent throughout the novel. This idea was drawn from Golding’s experiences as a school master (his father was also a school teacher.) Golding taught in an English public school so much of his insight was drawn largely from this. Golding felt that at the time, the education system lacked a balance between discipline and creative freedom. By placing the boys on an island without adults, free from the constraints of society, he allows the boys freedom to indulge their desires and impulses. But by setting the story in a tropical paradise, Golding allowed the boys’ downfall to come not through a basic struggle for survival but instead from within themselves and commented â€Å"If disaster came, it was not to come through the exploitation of one class by another. It was to rise, simply and solely, out of the nature of the brute . . . . . the only enemy of man is inside him.† (Fable, 1962.) Golding uses the varied characters in the novel to symbolise the varying degrees of savagery exhibited by man and their rift with organised civilisation. For example, Piggy demands that the boys stay within the parameters of organised society – his frequent references to his ‘auntie’ represent the only adult voice throughout much of the novel. Jack, on the other hand, is more interested in satisfying his own desires and is of the belief ‘if it’s fun, do it.’ Ralph, however, is caught somewhere between the extremes exhibited by Piggy and Jack. It is in the clashes between Ralph and Jack that the conflict between a civilised society and a savage one are dramatised and it is in their differing attitudes towards authority that these differences in ideology are portrayed. Ralph is eager to establish order – using the conch to assemble the boys – and although as Golding says â€Å"what intelligence had been shown was traceable to Piggy while the most obvious leader was Jack† it is Ralph who is chosen as the ‘chief.’ There is something about Ralph that has set him apart from the others, an innate quality; but it is his hold on the conch that seems to determine his election as leader of the group. The conch symbolises the old, established adult order the boys had been used to – it represents the rules and regulations or law and order of civilised society. Ralph is representative of government and authority and uses his own authority as chief to try and establish rules (for example, you can only speak if you are holding the conch) which are for the good of the group as a whole – he strives to enforce the moral rules of the society they are stranded from. Jack is the antithesis of this – seeking to gain control of the boys to satisfy his basic instincts (Ralph in fact recognising Jack’s disappointment at not being chosen as leader is consolatory in announcing that Jack is in charge of the choir or ‘hunters’ as they quickly become.) Jack’s shift or decline towards savagery is marked throughout the novel. In the early chapters, his eagerness for killing pigs is really a show of bravery but is intertwined with the need to obtain food for the group. In this sense, Jack conforms to society’s rules. It is only later in the novel when Jack no longer recognises Ralph’s authority and forms his own splinter group with the hunters that Golding shows the reader Jack’s true and more dangerous character. In this way, Golding is able to highlight the fact that to a degree certain savage aspects are an inherent part of man’s nature (there is an overriding will to survive in humans) neverth eless in most instances this is suppressed to acceptable levels by the mores of society. You read "To what extent can Lord of the Flies be considered a Marxist piece?" in category "Papers" Golding himself does not see the novel as a Marxist piece, but as an illustration of â€Å"the darkness of man’s heart†. Whilst the novel wasn’t about class differences, Golding cleverly uses the language of the boys to highlight the fact there are indeed differences. For example at the beginning of Chapter 1 when Ralph meets Piggy and he asks â€Å". . . What’s your father?† When responding Piggy asks â€Å"When’ll your dad rescue us?† Alternate explanations from critics seem to come to the conclusion that the events of the novel were a result of circumstance and not of the evil within man. But Golding dismisses the idea that the actions of the boys were not inevitable. He suggests that the violence occurs â€Å"simply and solely out of the nature of the brute.† Modern critics will argue that the meaning of the text is individual to each reader. â€Å"I no longer believe that the author has a sort of patria potestas over his brainchildren. Once they are printed they have reached their majority and the author has no more authority over them, knows no more about them, perhaps knows less about them than the critic who comes fresh to them, and sees them not as the author hoped they would be, but as what they are† (Golding, Fable) Golding is suggesting that the meaning of a text is not always governed by the author, so although he clearly did not intend for â€Å"Lord of the Flies† to be a Marxist piece, it could be argued that it has become one. It could be argued that given Golding’s life experiences and his father’s influence, this was inevitable. Roger’s sadistic manner was only stopped by the taboos and laws of society, but without these constraints he is unable to unleash the â€Å"id† that is caged by society, but is a demonic feature of the human psyche. In the chapter ‘Painted Faces and Long Hair’ Roger is seen along with Maurice to destroy the ‘Littluns’ castle. Then Roger throws stones at Henry, although deliberately misses – in this sense his action is controlled by the presence of the rules of society. Later in ‘Castle Rock’ Roger, feeling that all aspects of civilised society have disappeared is now free of the constraints imposed by society and so unleashes his true savagery by throwing a stone at Piggy – this time deliberately aimed to harm. It can be argued that Golding uses Roger, who becomes the epitome of savage when he murders Piggy, to embody the central theme of the novel. The conflict between desire and moral obligation is a central theme of the novel. Golding uses the different personalities of the boys to indicate the varied degrees of savagery that humans demonstrate. Piggy juxtaposes Roger as he exhibits no animalistic qualities and adheres to society’s rules. Golding expresses that this vehemence is a more natural aspect of human behaviour and that civilization forces compassion onto us rather than it being a natural human instinct. Even the naval officer recognises that the boys have become out of control – his comment to Ralph that they might have been able to â€Å"put up a better show than that . . . â€Å"illustrates this; Ralph recognises that in the beginning they were a cohesive group, a society. The signal fire’s purpose is to hopefully attract the attention of a passing ship so that the boys may be saved. Metaphorically, indicates how savage the boys have become and how far they have moved away from socially acceptable behaviour. The boys start the fire using Piggy’s glasses in an attempt to be rescued .This suggests that they still long for the order of civilisation. As the fire diminishes, we notice decay in the moral obligations the boys feel and they become more savage. The signal fire allows the reader to gauge how much of society is left on the island. Golding uses dramatic irony at the end of the novel when the officer arrives on the island. Ironically the fire is the antithesis of society at this point in the novel; it has now become a metaphor for the ferocity that man is capable of. The boys ask for some sign of the beast – the sign sent by the grown-ups is the dead parachutist; the beast is a dead pilot – Golding uses this to signify the chaos of an adult world at war. In chapter 5, Simon says â€Å"What I mean is†¦ maybe it’s only us†. Simon suggests that â€Å"the beastie† is just a creation of the boys. It is the fear of the unknown that brings the beast to life. Simon’s idea is one that links with Golding’s views of humanity’s savagery. Simon is the only boy on the island who does not abandon his morals, but he is savagely killed when he tries to help the rest of the boys. Simon’s morality is overwhelmed by the other boy’s amorality, so while Golding does not claim that mankind doesn’t exhibit kindness, he does make the point that it is powerless when the rest of the world is evil. The island is a microcosm of society, and the boys represent different political ideologies. Ralph represents democracy, whilst Jack, with his symbolic red hair, represents communism. The boy’s influence on the island itself can also be seen as a metaphor for human corruption of the planet. The forest scar created by the crashing plane symbolises the encroachment of corrupt civilisation onto the island. NOTES â€Å"What makes things break up like they do?† is the poignant question Piggy asks Ralph. Golding himself blames the breakdown of the island’s democracy on the innate greed and ferocity that is an occupational hazard of being human. In a lecture at the University of California in 1962 he said â€Å"So the boys try to construct a civilization on the island; but it breaks down in blood and terror because the boys are suffering from the terrible disease of being human†. The fire is diatronically opposed to hunting which is the activity of anarchy. Ralph portrays democracy and the role of government in any modern society. He strives to satisfy the demands of the public at large but recognises that certain rules of behaviour must be followed in order to prevent anarchy. Anarchy eventually defeats order – Golding believed that government is ineffective in keeping people together. No matter how logical or reasonable government is, it will in the end give way to anarchical demands of the public. How to cite To what extent can Lord of the Flies be considered a Marxist piece?, Papers

Saturday, May 2, 2020

Ecotourism free essay sample

Ecotourism, surfaced in the late 1980s, is the fastest growing sector of one of the industries in the world. An upsurge in ecotourism, particularly in developing countries, has been created because of the demands for remote, exotic, and natural environments (Scheyvens, 1999). The word ‘ecotourism’ has been coined relatively and a number of different meanings of this word seem like ambassadors travelling every corner of the world. As a result, the marketing value of ecotourism has been exploited by the tourism industry (Goodwin, 1996). In addition, the demand for ecotourism is intimately bound up with the increased awareness to reduce the antagonistic impacts on the environment. Likewise, this has been boosted substantially by means of consumers seeking more abundant and individualistic tourism experience. As ecotourism has been recognized gradually globally, it has been touted as a form of sustainable tourism development and as a potential means to promote the conservation of biological resources (Farrell, amp; Runyan, 1991). We will write a custom essay sample on Ecotourism or any similar topic specifically for you Do Not WasteYour Time HIRE WRITER Only 13.90 / page Ecotourism could improve conservation of natural resources. This would take place in four ways. Firstly, it could provide a preferred financial alternative to destructive resource management (Tobias, amp; Mendelsohn, 1991). Secondly, it might seek local support by enhancing and promoting economic, social, or cultural conditions such as generating employment, industry stimulation, economic diversification and increased government involvement. Tangible financial benefits for protected areas could be produced through ecotourism. For example, management costs could be offset by entrance fees (Lindberg, 1991). Lastly, educating Eco-tourists to foster the spirit of advocacy is inextricable with ecotourism. For instance, encouraging protection stems mainly from developing awareness, insight, appreciation and respect by participants for the local environment (Harrison, 1990). This paper starts with brief background of ecotourism and the significance of ecotourism. Likewise, this paper will briefly describe the current approaches to be used in the sustainability of ecotourism development. After this, two cases of ecotourism products will be identified and benefits and challenges of implementing an ecotourism project will be elaborated. Lastly, this paper will end up a reflection and conclusion of the paper’s aims. Approaches to ecotourism development The sustainability of the ecotourism development would not happen by accident. This is inextricably attributed to the application of comprehensive and minimalist approaches. The minimalist approach is aimed at focusing on site-specific, status quo oriented and the natural environment. The comprehensive approach, however, places an emphasis on a holistic perspective of the ecotourism product that integrates the ecosystem and human influences (Harrison, 1995). This approach tends to enhance deep understanding and to transform participant attitudes and behaviour (Weaver, 2005). Furthermore, attaining the objectives of environmental and sociocultural sustainability is intimately associated with the implementation of the comprehensive approach. Likewise, the comprehensive approach mainly pertains to benefits of a product development that are reflected in donations and eagerness engaging in voluntary activities such litter collection and research assistance (Wearing, 2001). In contrast, a minimalist approach is responsible for impeding the attainment of these sustainability objectives. Problems can surface from constructing hierarchies in which megafauna like giant pandas and mountain gorillas are valued more by managers than obscure but no less ecologically valuable species. In these two approaches, the comprehensive approach possesses more strengths than minimalist in achieving the sustainability of ecotourism such as the comprehensive ecotourism gaining deep understanding, focusing on environmental and sociocultural and emphasizing holistic approach (Weaver, 2005). Cater (1994) highlighted the need for local community involvement in planning and developing ecotourism. Gaining the cooperation of local people to improve the feasibility of the development of ecotourism intimately leads to success of ecotourism management. There are two approaches that are favored currently for planning and management the development of ecotourism. The first approach is in relation to planning more formal systems, which attaches great significance to the potential benefits of ecotourism development. This approach is aimed at overcoming the physical and practical barriers to ecotourism development (Garrod, 2003). The second one, however, is more linked with planning participatory, which is aimed at maintaining and building an appropriate balance between development and planning restraint. This approach tends to emphasize the need to integrate ecotourism with other forms of economic and social development so as to resolve these effects efficiently.. Drake (1991) claimed that these two approaches substantially paly a paramount role in planning ecotourism projects and creating benefits. Firstly, increasing project efficiency is intimately bound up with consulting with local people or involving them in the management of the ecotourism project as well as ecotourism operation. Besides this, local involvement can increase project effectiveness and ensure that the project goals and benefits are achieved. Additionally, these approaches are about building capacity among beneficiaries to understand what ecotourism exactly is and how they make great contribution to the sustainability of ecotourism development. This can happen by ensuring that participants are involved in the project and by formal training and raising awareness (Garrod, 2003). There would be other effective approaches for the development of ecotourism, while these approaches without involving local people just scratch the surface of addressing challenges that ecotourism development is confronting. Ecotourism developments Sundarbans, Bengal, India| Penang National Park (PNP)| Strengths * Good tourism infrastructure; * Differentiated local culture which supports the ecotourism development; * A number of natural attractions including Royal Bengal Tiger and estuarine crocodile. Strengths * Accessibility is high; * No entry cost for average tourists; * Having good relationships with local touring companies; * Having an education hub is created by NGOs; * Having support from international researchers | Weaknesses * Less participation and coordination of local people in tourism development * Lack of incentives supporting local peo ple to engage tourism development| Weaknesses * Lack of admission support with regarding to entering into PNP * Lack of signs of boarding and fencing around the Park * Lack of suitable solid waste management| Opportunities * Opportunities in diversifying of ecotourism products including trail walk and country boasts * Participation of local people will provide more value in ecotourism package| Opportunities * Increasing artnership with local hotels, restaurants * Set up admission fees to generate more income for future development| Threats * Increasing population may damage the sustainability of ecotourism program * Ecosystem can be negatively impacted by poor management | Threats * Farmer’s encroachment * Stealing of flora and fauna| Case of Sundarbans The resources of flora and fauna are the natural wealth to Sundarban. There are more than 60 plant species and 90% mangrove species in this area which provide a comfortable environment to amphibian tigers. Distinctively, Sunda rban Tiger Reserve has more than 260 in quantity from other tiger reserve zones of other countries (Bhattacharya, Bhattacharya amp; Patra, 2011). Sundarban is a tourists’ paradise where thousands of tourists tend to visit the mangrove tiger land. The title of ecotourism is well-known in Sundarban. Ecotourism is considered as an ecologically, morally and ethically part of tourism which is aimed at optimizing cultural and ecological benefits. Likewise, it provides the tourist with an inspiring experience as well as more economic benefit. Community-based ecotourism makes substantial contribution to the ecotourism framework. Kersten (1997) claimed the local community maintains major control over the management and maximizes the profits of the project. Instead of regional development, the participation marginalized sector and community development can be referred to this strategy. Developing and managing ecotourism is intimately bound up with requiring a conducive environment that can boost its development and smooth operation. For Sundarbans, the most important requirement is the local people participation in larger number. Besides this, ensuring the income generated from this region stays with the community (Bhattacharya et al. , 2011). Moreover, the success of Sundarbans is inextricably attributable to the satisfaction of the tourists after visiting this place. The quantity of visitors, their duration of stay, their feedback and their desire of making another visit can clearly reflect their satisfaction. On the other hand, some major dilemma that Sundarban is confronting is the rise in the sea level that has had great negative effects on this delicate ecosystem. Likewise, it also causes a rise in salinity. The reduction in number in the low salinity tolerant mangrove species is directly associated with this dilemma. A reduction of water reserve has been resulted from the rise of salinity. Moreover, resorting to collecting tiger prawn seed by the local people is another major threat. This could be detrimental to the natural regeneration of the mangroves (Bhattacharya et al. , 2011). Thus, Sundarban’s ecosystem is being threatened by all of factors. In order to effectively respond to these threats and establish a sustainable planning for ecotourism, ensuring communal ownership and control is essential for that. Besides, fostering a feeling of pride and community through a preservation of traditional practices and cultural techniques is a means to achieve that. Through educating local population about the negative impact of overexploiting, it is expected that the environmental consciousness can be cultivated. Moreover, developing a proper ecotourism package that is different from the existing mass tourism packages was exactly what the local government intervened or focused on. Case of Penang National Park (PNP) The PNP, which is a coastal forest on an island, is endowed with inland forest and woodlands in the park extending to the sea. There are special forest communities which include mangrove areas, pear swamps, beach forests and riparian forests (Hong and Chan, 2010). In addition to mangrove areas, the PNP is in possession of eight forest beaches, rocky shores and inner forest. Noticeably, the resources of timber, medicinal and ornamental plants are relatively rich in PNP. Interestingly, the PNP houses a biological and marine research station owned by the University Sains Malaysia (Hong and Chan, 2010). Furthermore, as Penang is stressed for water, the PNP plays an important in water catchment area for the Teluk Bahand dam (Hong amp; Chan, 2010). According to Kumar (2004), the PNP can definitely claim to be one of the natural heritage sites in Malaysia standing for ecotourism and natural heritage conservation with vast potentials. This would not happen automatically but lie in successfully carrying appropriate strategies out and the natural strengths. Firstly, the PNP is in possession with many unique features which are exclusive compared to other national parks. These unique features include a unique lake and mudflats. Besides that, the park is abundant in biodiversity, harboring rich fauna like the giant flying squirrel, and flying lemurs (Ong amp; Dhanarajan, 1976). Furthermore, establishing partnerships with hotels in Batu Feringghi and Tanjung Bungah in promoting the PNP to the international tourists made great contribution to success of The PNP (Hong and Chan, 2010). Additionally, the sustainable operation of the PNP is directly linked to sustainable income generated through collection of entrance fees to The PNP maintenances. According to Hong and Chan (2010), 80% of the total visitors are willing to pay for an entrance fee and to participate in ownerships of the PNP. Lastly, George Town City in Penang has been listed as one of UNESCO’S world Heritage Site on 7 July 2008, which has exposed the PNP to the international tourists (Hong amp; Chan, 2010). However, several threats to ecotourism development of PNP have surfaced. The foremost threat to PNP is the solid waste management. The PNP is confronting environmental threats with regard to risks of flora and fauna extinction, as more visitors flock to this place (Lee amp; Leong, 2003). Moreover, farming activities such as deforestation and replacing the cleared area with crops could lead to a significant increase in soil erosion and could affect the ecosystem (Chan, Chan, amp; Kumar, 2004). In order to effectively respond to these threats, Penang stat government took its roles in controlling these threats and creating a balance between development and conservation. Besides this, the PNP has built a nature education center for school children, a natural laboratory for scientific research and a life laboratory for ecotourism research (Chan, 2009). Sustainable development of ecotourism stems from maximizing strengths and minimizing threats. Reflection There is no doubt that ecotourism is increasingly being regarded as a strategy to resolve economic and social problems in local communities. It is also increasingly being considered as an appropriate and effective tool for environmental conservation. As the ecotourism development is increasingly becoming an important economic vehicle in natural areas, these two cases thoroughly mirrors the characteristics of ecotourism. Not only does it provide opportunities for visitors to experience powerful manifestations of nature and culture, but also it generates economic benefits for communities living in rural and remote areas. Drumm and Moore (2005) stated that the implementation of ecotourism makes great contribution to giving economic value to ecosystem services and generating direct income for the conservation of protected areas. In addition to these, direct or indirect income is generated by the development of ecotourism. Incentives for conservation in local communities are exactly what ecotourism creates. Furthermore, ecotourism implementation can be considered as a tourism strategy for promoting sustainable use of natural resources and reducing threats to biodiversity (Drumm and Moore, 2005). The benefits of ecotourism have greater potentiality in many destinations, for these two cases, the process of ecotourism planning is considered as a useful conservation strategy in addressing those potentialities. Benefiting both local people and the protected area are the ideal component of a sustainable development strategy in ecotourism. The ultimate success of an ecotourism initiative would be reflected in having low impact upon a protected area’s natural resources and involving stakeholders in planning, developing, implementation and monitoring. On the other hand, it is inevitable that some serious challenges would be confronted in ecotourism development. Firstly, in some areas earnings from ecotourism are moved to social and infrastructural programs instead of reinvesting into conservation and maintenance. For example, even though Costa Rica’s park successfully implemented an ecotourism project, the sustainability of the parks has been jeopardized by using earning in infrastructural programs rather than using in conservation process. In addition to this challenge, political will to support ecotourism development plays a vital role in leading to success of the sustainability. Effectively responding to these challenges is directly associated with ensuring ecological, social and economic sustainability when implementing an ecotourism project. Besides this, building strong partnerships with state government and hotels is a core means to handle these challenges. Moreover, taking a leaf out of the historical books is critical to pave the way for the future. Conclusion The definition of ecotourism is increasingly becoming blurred, or it is a relatively new concept. Some people have abused the term to attract conservation conscious tourists. It is concluded that the local people’s welfare and natural environment can be benefited from the development of ecotourism. Both participants and stakeholders play a critical role in the tourism development and ecotourism implementation. The need to recognize involving communities in the development of ecotourism is essential and important for contributing to the sustainability of ecotourism development. Ecotourism planners might put profits first or feasibility first. However, involving people or communities would be the optimal approach to achieve the sustainability of ecotourism. There are economic, ecological, environmental and social reasons to implementing an ecotourism project. The sustainability of ecotourism development is inextricably associated with these factors.