What is the Sarbanes Oxley Act?
The Sarbanes-Oxley act is an act that was adopted to ensure investors who make financial decisions based on data have reliable data. It is mandatory for an accountant who deals with public limited companies to be SOX compliant. This act came out because of the number of scandals that took place with public limited companies such as Tyco International, Enron, World Com, Adelphia, etc. This scandal resulted in the loss of billions of dollars and shacked the confidence of American securities. To regain this confidence, the congress of the United States took several changes in the co-sponsored bill of bipartisan which changed the way of how public limited companies reported their revenue. This bill has the name of its co-sponsors, Mr. Paul Sarbanes (Senator) and Mr. Michael G. Oxley (Representative). This act was signed by George W. Bush, the president of the USA on July 30, 2002.
This act came out as a revolution and changed the laws which weren’t modified for almost 60 years. It completely changed the way how accountants were to present information to the board of directors of public limited companies. This law required accountants to make dynamic reporting and present information such as corporate officers stock transaction, Pro-forma figures, off-balance sheet transactions along with computing under the supervision of Sarbanes-Oxley Act
What is SOX compliance?
SOX compliance is the set of protocols governed by the Sarbanes-Oxley act. This act made it compulsory for the accountant to provide all reports to the Security Exchange Commission (SEC) to reduce the number of corporate frauds and saving investors from fraud. Many renowned public limited companies inflated the share price of the company to increase the company’s worth. When this was realized billions of dollars were lost.
Concerning technology, the compliant infrastructure of SOX is the maintenance and creation of a secure network that allows security and privacy for transfer for financial information to the company officers. This infrastructure creation should meet SOX’s third-party auditor requirements.
SOX Compliance Questions
Some of the common questions that SOX auditors look for as below:
- Is there any system that traces the identity of the security system on the applicable framework?
- Is data only accessible to the right person?
- Are services kept isolated to make sure these aren’t compromised?
- Does the IT framework strictly follow the guidelines mentioned in Sarbanes Oxley article 404?
- Are the applicable servers physically secure?
- Are connections for the server encrypted?