
Sarbanes-Oxley - The Key Sections

Sarbanes-Oxley sets out new standards and penalties for corporate wrongdoing and strengthens existing standards.

The Act comprises 11 titles which lay out auditor and corporate responsibilities, financial disclosure regulations, and penalties for white-collar crimes.

The following sections are of particular interest to IT Executives:

Sarbanes-Oxley Act

Section 302

Section 302 may initially seem simple but is actually very complex. It requires corporate officers to attest to the accuracy of quarterly and annual reports, including making representations about the strength of financial controls. This attestation removes any "I didn't know" defense for these officers, as they must:

  • confirm that they have reviewed the report
  • confirm that it is true
  • confirm that it fairly represents the financial condition of the company and they know this to be true because:
    • they have accepted responsibility for internal controls over their financial processes
    • they have designed controls that ensure that material information reaches them
    • they have personally evaluated the effectiveness of these controls

Section 404

Section 404 requires an annual assessment of the effectiveness of internal controls in financial reporting. To comply with Section 404, companies must:

  • assess whether their processes for working with financial data are established, documented, and structured to contain controls against risk
  • do the same for information systems that manage financial data
  • assess whether they have adequate security controls to ward off theft or corruption of data
  • determine whether their employees' roles, responsibilities, access rights, and permissions could allow material fraud or misrepresentation of financial data

Section 802

Section 802 ensures the authenticity of records and records retention. To comply with Section 802, companies must not:

  • knowingly alter or destroy audit documents
  • knowingly conceal, cover up or falsify audit records

Audit documents and records can be:

  • workpapers, documents that form the basis of an audit or review
  • memoranda, correspondence, communications, other documents, and records (including electronic records) which are created, sent, or received in connection with an audit or review

CEOs and CFOs must place a high degree of trust in their IT systems, staff and processes which have a bearing upon corporate financial data, as ultimately they are responsible for ensuring stringency of internal controls.

» See Forensics Ready to see how Defender 5.2 can help you comply with corporate legislation.

PassGo is now a part of Quest Software.