The Sarbanes–Oxley Act of 2002 was designed to foster improved transparency in the internal controls and reporting of publicly traded corporations.
Unlike several previous attempts to “fix” bad corporate behavior, the law acquired real teeth by potentially holding CEOs and CFOs personally liable for submitting false information during a financial audit. Penalties for non-compliance could include fines, delisting of the offending company’s stock, and jail time of up to 20 years for the offending executives.
SOX Section 302 requires the CEO and CFO to certify that all records are complete and accurate, accept personal responsibility for all internal controls (which would include the company’s IT infrastructure and information-handling processes), and attest that they’ve reviewed those controls within the past 90 days.
Section 404 lays the groundwork for the monitoring and maintenance of those internal controls, and requires the business to engage an outside firm to audit those controls at least once a year.
While the law doesn’t explicitly mention information security, it is impossible to conceive of a public corporation operating so far off the grid that IT is not integral to its approach to information management. If financial information so much as touches a PC, or a server, or even a router, then IT controls are at the heart of any SOX audit.
SLPowers can get you ready for a Sarbanes-Oxley audit by helping with your ABC’s.
We work closely with our partner company, True Digital Security, to make sure two sets of eyes, with two different (though complementary) perspectives on information security, are engaged in every pre-audit client assessment.
And we present our findings in clear Business English, not Geek Speak.
A SOX audit is a serious matter, but there is a way to leverage the process to make your entire corporate ship run tighter and safer.
Contact us today and we’ll tell you how.