Are You SOX Compliant?
It has been more than 10 years since the initial passage of the Sarbanes-Oxley Act of 2002, and many organizations still struggle to fulfill their auditing and compliance requirements. The Sarbanes-Oxley Act of 2002 was referred to by the Senate as the “Public Company Accounting Reform and Investor Protection Act” and by the House of Representatives as the “Corporate and Auditing Accountability and Responsibility Act.” Most users commonly refer to it as Sarbanes-Oxley, Sarbox or, most popularly, SOX. The purpose of SOX was to implement accounting and disclosure requirements that increase transparency in corporate governance and financial reporting and create a formal system of internal checks and balances.
Not sure if you need to take SOX compliance seriously? Formal penalties for non-compliance with SOX can include fines, removal from listings on public stock exchanges, and invalidation of D&O insurance policies. There are also penalties for CEOs and CFOs who willfully submit an incorrect certification to a SOX compliance audit, including fines of $5 million and up to 20 years in jail. The act was passed on July 30, 2002, on the heels of the Enron, WorldCom, Tyco International and other high-profile corporate scandals. SOX compliance deals with financial governance and accountability, but there are sections of the act that have clear implications for data storage and transmission, and for information security. IT managers need to pay special attention to Sections 302 and 404. Your entire IT infrastructure, from server and network security to IT practices and operations, must be reinforced and configured to maintain and demonstrate compliance in the event of an audit.
Your organization's IT infrastructure is the backbone of how you communicate, so it only makes sense that compliance with SOX should require introducing broad information accountability measures. Some organizations are creating their high-level data security plans, and as these plans get created, SOX compliance needs to play a role. It is true that data governance policies will help keep you SOX compliant, but you can see tangible benefits to your business as well. Many organizations that leverage SOX compliance initiatives are constantly looking for ways to improve their financial reporting. This naturally leads to improvements in your internal control over your financial reporting. By auditing your existing IT infrastructure, you can identify inefficiencies and redundancies. By streamlining the reporting and auditing process, you can increase productivity and reduce cost.
While SOX doesn't specifically mention information security, for practical purposes, an internal control is understood to be any type of protocol dealing with the infrastructure that handles your financial data. Internal controls include any computers, network hardware, and other electronic infrastructure that financial data passes through. From the IT side of things, a typical audit will look at four things: access, security, change management, and backup procedures. If you are unsure whether you are SOX compliant or whether you need to be, let 2W Tech help you. We have security solutions that can ensure your internal controls are running effectively and securely, and IT consultants on staff who can guide you through the process.