In the early 2000s, accounting scandals upended the financial world. Corporations such as Enron, WorldCom, and Tyco hid large debts, inflated their assets, diverted earnings, and manipulated stock prices. These events led to bankruptcy filings and class action lawsuits against the companies, criminal charges against top executives, heavy investor losses, and job losses among employees. Congress passed the Sarbanes-Oxley (SOX) Act in 2002 to improve the financial reporting of publicly traded corporations and to hold their top executives personally accountable for it.
How can publicly traded corporations stay compliant with SOX?
- Require the chief executive and chief financial officers to sign and certify financial reports, confirming that the reports fairly present the company's financial condition.
- Protect financial data so that reports are never built on inaccurate or tampered records.
- Create safeguards that external auditors can verify, and report any security breach that affects financial data.
- Enforce access controls on confidential financial data. The company must detect any data tampering quickly and take steps to limit its consequences.
- Report on the scope and effectiveness of the internal controls over financial reporting in the financial reports themselves.
- Retain paper and digital records for at least five years.
- Remind executives of the consequences of destroying, altering, concealing, or falsifying documents relevant to a legal investigation. Where intent to obstruct or influence the investigation is found, the company faces fines and the responsible executives may face up to 20 years in prison.
What are the threats to SOX compliance?
According to a SANS Institute whitepaper (Seider, 2004), these threats to an IT system can undermine a corporation's ability to stay SOX compliant:
- Abuse of access privileges by an otherwise authorized user
- Misuse of access privileges by employees
- Accidental errors
- Attempted unauthorized access by an outsider
- Communication loss
- Computer virus
- Data integrity loss
- Deliberate attack
- Destruction of data
- Fire
- Natural disasters
- Non-disaster downtime
- Power loss
- Theft or destruction of a computing resource
- Successful unauthorized access by an outsider
How can your organization stay compliant with SOX?
- Store documents in an electronic database: A document management system keeps confidential records in a single, access-controlled repository instead of scattered across employee PCs. It supports SOX compliance by enforcing role-based access policies, keeping an audit trail of who viewed or changed each record, encrypting documents in transit with TLS (the successor to SSL) and at rest, and making records quick to retrieve for an auditor. Centralized storage also reduces the risk that malware on a single workstation destroys or leaks financial data, and it gives your CEO a dashboard of accurate figures to confirm that the organization's finances are in order.
- Use a next-generation firewall with an intrusion prevention system, such as SonicWall: A traditional firewall filters traffic by address and port to keep outsiders away from the systems that hold the financial information your SOX audits depend on. A next-generation firewall such as SonicWall takes that a step further by adding intrusion prevention, virus and malware inspection, user authentication, URL filtering, and application-level controls, so it can also block attacks that arrive over ports the policy already permits.
- Have your IT department monitor servers and applications around the clock: An IT support company such as SwiftTech Solutions uses server monitoring software to track SQL database activity. For example, SolarWinds SQL Server performance monitoring can track outages and login failures and raise automated alerts when they occur, so the support team can act immediately to keep the data intact. The same software generates reports your organization can hand to an auditor. Set the alert thresholds tight enough that a burst of failed logins against a financial account is noticed within minutes, not discovered at the next audit.
- Hire someone to help your company meet PCAOB requirements: The Public Company Accounting Oversight Board (PCAOB), created by SOX, oversees the accounting firms that audit public companies in order to protect investors' interests. Those auditors review your controls, logs, and related evidence to confirm that the organization remains SOX compliant. Because the requirements are lengthy and complex, your firm should hire an expert to guide the organization through them.
- Create backup and recovery procedures: Back up your organization's critical data to both on-site and off-site locations. For example, Veeam Backup & Replication can copy data to an on-site device dedicated to disaster recovery and to off-site cloud storage with a provider such as Microsoft Azure or Amazon Web Services. If a disaster strikes, say a flood destroys a laptop, you can still reach undamaged financial records (for your SOX auditor) from a browser on another device. Test restores on a schedule, and keep at least one copy that an attacker who has compromised your network cannot alter or delete, since a backup that ransomware can encrypt is no backup at all.
SwiftTech Solutions can help your organization follow SOX compliance and data protection standards. Our IT consultants can help your organization create a “Policies & Procedures” handbook, implement a backup and disaster recovery plan, and much more. You can call 877-794-3811 or email info@swifttechsolutions.com for a free analysis.
SOURCES:
Accounting-Degree.org. The 10 Worst Corporate Accounting Scandals of All Time. Retrieved from http://www.accounting-degree.org/scandals/
Seider, D. (2004). Sarbanes-Oxley Information Technology Compliance Audit. SANS Institute. Retrieved from http://www.sans.org/reading-room/whitepapers/auditing/sarbanes-oxley-information-technology-compliance-audit-1624
Taft Law. Sarbanes-Oxley Act. Retrieved from http://taft.law.uc.edu/
SOXLaw.com. (2003). Sarbanes-Oxley Act Summary and Introduction. Retrieved from http://www.soxlaw.com/introduction.htm
Rouse, M. (2007, September). Sarbanes-Oxley Act (SOX). TechTarget SearchCIO. Retrieved from http://searchcio.techtarget.com/definition/Sarbanes-Oxley-Act
ManageEngine. Compliance Audit Reports for Sarbanes-Oxley (SOX) Act, 2002. Retrieved from http://www.manageengine.com/products/eventlog/sox-compliance-reports.html
InformationWeek Dark Reading. (2011, December 15). 10 Best Practices For Meeting SOX Security Requirements. Retrieved from http://www.darkreading.com/10-best-practices-for-meeting-sox-security-requirements/d/d-id/1136818