SOX Compliance

Upcoming Audit? Blow Their Sox Off!

The Sarbanes–Oxley Act of 2002 was designed to foster improved transparency in the internal controls and reporting of publicly traded corporations. 

Unlike several previous attempts to “fix” bad corporate behavior, the law acquired real teeth by potentially holding CEOs and CFOs personally liable for submitting false information during a financial audit. Penalties for non-compliance could include fines, delisting of the offending company’s stock, and jail time of up to 20 years for the offending executives.

SOX Section 302 requires the CEO and CFO to certify that all records are complete and accurate, accept personal responsibility for all internal controls (which would include the company’s IT infrastructure and information-handling processes), and attest that they’ve reviewed those controls within the past 90 days.

Section 404 lays the groundwork for the monitoring and maintenance of those internal controls, and requires the business to engage an outside firm to audit those controls at least once a year.

While the law doesn’t explicitly mention information security, it is impossible to conceive of a public corporation operating so far off the grid that IT is not integral to its approach to information management. If financial information so much as touches a PC, or a server, or even a router, then IT controls are at the heart of any SOX audit.

We’ll help with your ABC’s.

SLPowers can get you ready for a Sarbanes-Oxley audit by helping with your ABC’s. 

Running throughout these broad categories is an overarching concern for the security of the information in your care. 

  • Do you have the proper security controls in place? 
  • Can you document that they are being actively enforced? 
  • Are you monitoring the integrity of your environment around the clock? 
  • Are you able to react quickly to a suspected data breach, and isolate or quarantine a potentially malicious intruder? 
  • Do you know how to isolate genuinely impactful network activity from the white noise of false positives? 
  • Are you able to quickly recognize changes in network traffic? 
  • Can you pull the relevant logs that allow for a forensic evaluation after an event? 

We work closely with our partner company, True Digital Security, to make sure two sets of eyes, with two different (though complementary) perspectives on information security, are engaged in every pre-audit client assessment.

And we present our findings in clear Business English, not Geek Speak. 

A SOX audit is a serious matter, but there is a way to leverage the process to make your entire corporate ship run tighter and safer.  

Contact us today and we’ll tell you how.