Understanding the Sarbanes-Oxley (SOX) Act
The Sarbanes-Oxley Act is a law that was passed in 2002 to ensure that investors have reliable data on which to base their financial decisions. The law was the response to accounting scandals that took place around the turn of the century at organizations such as Enron, Tyco International, Adelphia, and WorldCom, which cost investors billions of dollars and caused a widespread dip in confidence in American securities. To remedy the loss of confidence, the United States Congress took swift measures in a bipartisan co-sponsored bill that amended the processes by which publicly traded companies report revenue.
How to be SOX Compliant
Though this was a sprawling and far-reaching reform, there are three main parts that need to be observed:
Section 302 of the SOX Act of 2002: Senior corporate officers are mandated to personally certify in writing that the company's financials comply with SEC disclosure requirements and fairly present all material aspects of the operations and financial condition of the issuer.
Section 404 of the SOX Act of 2002: Managers and auditors are required to establish internal controls and reporting procedures, and to assess and report on the effectiveness of those controls.
Section 802 of the SOX Act of 2002: Outlines the recordkeeping rules, of which there are three. The first addresses destruction and falsification of records. The second defines the period for record retention. The third defines the business records that companies are required to store, which include electronic communications.
SOX Compliance Questions
If you are visited by an auditor, what are some of the questions they are going to ask?
- Is there an identity-based security system in place that applies to your operating framework?
- Who has access to what data, and are they the right people?
- Are your services isolated to reduce cross-platform or cross-network access?
- Does your IT framework provide the confidentiality stipulated by Section 404 of SOX?
- Do you have physical security in place for applicable servers or data storage sites?
- Do you have firewall protection between the internet and that server or data storage, configured to be compliant with SOX?
- Are the connections to your server encrypted?
MyTek is here to help
The IT professionals at MyTek can clarify network security and the role it plays in regulatory compliance, helping you prepare for your SOX, HIPAA, or PCI DSS audit.
For more information on Sarbanes-Oxley compliance for accounting firms, contact us or call us today at 623-312-2440.