In the early 2000s, accounting scandals turned the financial world upside down. Corporations, such as Enron, WorldCom, and Tyco hid large debts, inflated their assets, diverted earnings, and manipulated stock prices. These events resulted in bankruptcy filings and class action lawsuits for the companies, charges against top executives, loss of earnings for investors, and lost employee jobs. The federal government enforced the Sarbanes-Oxley (SOX) Act in 2002 to improve the financial reporting systems of publicly traded corporations and to increase the accountability of their top executives.
How can publicly traded corporations stay compliant with SOX?:
- Require corporate executives to sign financial reports to confirm the organization accurately presents them.
- Protect their data to ensure financial reports are not using inaccurate and/or tampered with data.
- Create safeguards that external auditors can verify and report any security breaches affecting finances.
- Enforce controls on access to confidential financial data. The company must detect any data tampering quickly and take steps to reduce the negative consequences of these problems.
- Include information about the reach and effectiveness of the security control procedures in the financial reports.
- Save paper and digital records for no less than five years.
- Remind executives about the consequences of destroying, damaging, hiding, and falsifying documents relevant to a legal investigation. If auditors discover intent to obstruct or influence the investigation, the company will receive a fine, and the liable executives can get up to 20 years of imprisonment.
What are the threats to SOX compliance?
According to the SANS Institute, these threats to an IT system can undermine a corporation’s ability to stay SOX compliant:
- Abuse of access privileges by an otherwise authorized user
- Misuse of access privileges by employees
- Accidental errors
- Attempted unauthorized access by an outsider
- Communication loss
- Computer virus
- Data integrity loss
- Deliberate attach
- Destruction of data
- Natural Disasters
- Non-disaster downtime
- Power loss
- Theft or destruction of computing resource
- Successful unauthorized access by an outsider
How can your organization stay compliant with SOX?
- Store documents in an electronic database: Database software will store your confidential documents in a highly protected digital file cabinet. This program will allow your organization to stay compliant with SOX by enforcing employee access policies, keeping documents protected with SSL encryption, and allowing for quick retrieval of records. Plus, storing your documents in a database instead of your computer will prevent any loss, destruction, and leaks of confidential data caused by malware attacks. Furthermore, your CEO can access a dashboard of accurate data so he/she can ensure the organization’s finances are on the up and up.
- Use a next-generation firewall with an intrusion prevention system, such as SonicWall: A traditional firewall mostly involves keeping cybercriminals out of your networks, thus away from your financial information critical for SOX audits. The next-generation firewall, such as SonicWall, takes the traditional method a step further and incorporates virus/malware protection, user authentication, URL filtering, and application-level security.
- Have your IT department monitor servers and applications around the clock: An IT support company, such as SwiftTech Solutions, will have access to advanced server software to monitor the activity of SQL databases. For example, SolarWinds SQL Server Performance will keep track of performance issues, such as outages and login failures, and set off automated alerts should these events occur. This will allow the IT company to take immediate action so data will stay intact. This software will also generate a report your organization can give to an auditor.
- Hire an employee to help your company follow the requirements of the PCAOB: The Public Company Accounting Oversight Board (PCAOB) runs audits of public companies so they can protect the interests of investors. The PCAOB looks at audit reports, logs, and other related material to ensure an organization is staying in compliance with SOX. Your firm should hire an expert to help the organization follow the requirements of the SOX / PCAOB since the bylaws themselves are lengthy and complex.
- Create backup and recovery procedures: Your organization’s critical data should be backed up to an onsite and offsite location. For example, Veeam Backup and Replication can archive your information to an onsite device dedicated to disaster recovery and offsite to a cloud storage provider, such as Azure or Amazon. If a disaster does strike and, for example, a flood destroys your laptop, you can access your undamaged financial data (for your SOX auditor) from a browser on another device.
SwiftTech Solutions can help your organization follow SOX compliance data protection standards. Our IT consultants can help your organization create a “Policies & Procedures” handbook, implement a backup and disaster recovery plan, and much more. You can call 877-794-3811 or email email@example.com for a free analysis.
Accounting-Degree.org. The 10 Worst Corporate Accounting Scandals of All Time. Retrieved from: http://www.accounting-degree.org/scandals/
Seider, D. Sarbanes-Oxley Information Technology Compliance Audit. (2004). Retrieved from: http://www.sans.org/reading-room/whitepapers/auditing/sarbanes-oxley-information-technology-compliance-audit-1624
Taft Law. Sarbanes-Oxley Act. Retrieved from: http://taft.law.uc.edu/
Sarbanes-Oxley Act. Sarbanes-Oxley Act Summary and Introduction. (2003). Retrieved from: http://www.soxlaw.com/introduction.htm
Rouse, M. Sarbanes-Oxley Act (SOX). (2007, September). Retrieved from: http://searchcio.techtarget.com/definition/Sarbanes-Oxley-Act
ManageEngine. Compliance Audit Reports for Sarbanes-Oxley (SOX) Act, 2002. Retrieved from: http://www.manageengine.com/products/eventlog/sox-compliance-reports.html
InformationWeek Dark Reading. 10 Best Practices For Meeting SOX Security Requirements. (2011, December 15). Retrieved from: http://www.darkreading.com/10-best-practices-for-meeting-sox-security-requirements/d/d-id/1136818?