SOX (the Sarbanes-Oxley Act of 2002) protects investors in the USA from falsified accounting by organizations. The law was enacted after the major accounting scandals of the early 2000s committed by companies such as WorldCom, Enron, and Tyco.
What is SOX?
SOX is a law that imposes stringent reforms on certain financial disclosures by companies in order to prevent accounting deception. It also addresses corporate governance, improved financial disclosure, auditor independence, and internal control assessment. For more detailed information about SOX requirements, visit pathlock.com.
Which Business Must Comply?
SOX applies to all public organizations in the US by requiring them to follow the provisions of the eleven sections of the act. Apart from publicly traded organizations, their wholly owned subsidiaries, and foreign businesses that are publicly traded and conduct business within the US, SOX also regulates accounting firms that carry out audits for US public companies.
Charities and public businesses are not required to follow all the provisions; however, public agencies preparing to go public with an IPO must be prepared to adhere to the regulations set out in Sarbanes-Oxley. There are also certain exceptions for non-profit organizations. SOX also provides protection to whistleblowers in order to encourage individuals to come forward and report any unlawful activities within the company they work for. There are stringent punishments for board members, auditors, and officers who destroy company documentation of a fraudulent nature. This applies to both the non-profits and the publicly traded businesses targeted by the law.
The Topmost IT SOX Requirements And Controls
SOX contains eleven sections; as far as compliance is concerned, the most important are Sections 302, 802, 409, 404, and 906.
Section 302 – Corporate Accountability For Financial Reporting
All public companies must file periodic financial statements with the SEC, and the principal financial officer or principal executive officer must sign every report to show it has been reviewed and certified as containing no untrue statements and omitting no material information. The signees of the report are also responsible for establishing and maintaining internal controls for SOX. These controls must be validated within ninety days of submitting the report.
Section 802 – Criminal Punishments For Altering Documentation
Any person who knowingly destroys, alters, conceals, covers up, mutilates, or makes false entries in records or tangible objects, or falsifies information, with the intent to obstruct, impede, or influence an investigation or the proper administration of matters before the SEC, can be imprisoned for up to twenty years, fined, or both.
Section 409 – Real-Time Issuer Disclosure
All material changes in the financial condition or operations of a business must be disclosed by the business in a timely manner, in the interest of protecting the public and investors.
Section 404 – Management Assessment of Internal Controls
All yearly financial statements must contain an internal control report stating that management is responsible for an adequate internal control structure, together with management's assessment that the control structure is effective. Any shortfalls in SOX controls must also be disclosed. In addition, registered external auditors must attest to the accuracy of management's declaration that internal accounting controls are implemented, operational, and effective.
Section 906 – Corporate Accountability For Financial Reporting
The criminal punishment for certifying a falsified or fraudulent financial statement can be up to $5 million in fines and twenty years of imprisonment.
Data Protection Via Technology
In practice, many businesses subject to SOX use a technology stack that encrypts data to protect it wherever it resides. This helps them legitimately attest that data has not been altered, tampered with, or otherwise compromised. Because the penalty provisions of SOX are strict, it is crucial for businesses to have confidence that their data is as secure as possible.