Analysis Of Sarbanes-Oxley Act

Submitted By ButtSniffer6420

SOX in the Business

The Sarbanes-Oxley Act (SOX), also known as the Public Company Accounting Reform and Investor Protection Act of 2002, is a U.S. federal law enacted on July 30, 2002 in response to a series of major corporate and accounting scandals, most famously Enron and WorldCom. Those scandals cost investors in the affected public companies billions of dollars when share prices collapsed, and they shook public confidence in the nation's securities markets. SOX established new and enhanced standards for all U.S. public companies, their boards, their management, and the public accounting firms that audit them.

The core of SOX is its requirement that financial reporting processes be governed by a documented set of internal controls, backed by accurate reporting capabilities. Documenting, operating, and recording these controls on the way to compliance can become a very time-consuming and expensive project without a solution that streamlines and automates the work.

The key part of SOX for developers and IT staff is Section 404, "Management Assessment of Internal Controls." This section requires management to take responsibility for the integrity of financial data by evaluating the IT systems and processes that produce it and by providing evidence that the company's internal controls over that data are effective. Although SOX does not address IT directly, its implications for IT are large, because most financial data in an organization flows through server systems and the application code that processes it. In practice, SOX compliance comes down to an auditor's assessment of an organization's ability to restrict who has access to the systems that manage financial data (access control and segregation of duties) and to account for what has changed in the IT environment (change management). Most SOX software available today helps companies address these compliance challenges and significantly reduce the cost of compliance.
Using SOX software, companies can design, assess, and improve internal controls under the COSO framework, monitor their compliance processes at any level of detail, and readily provide evidence to external auditors that an internal control was tested to the satisfaction of the internal audit group. Most such products include document control with a central archive and full change-control tracking, and some also give greater control over, and clearer visibility into, compliance issues, their status, and remediation plans.

Although the requirements of SOX apply directly only to public corporations, there has been a trickle-down effect on private companies that serve them as business associates, consultants, and outsourced service providers. Both public and private companies therefore need to understand SOX compliance so that their daily business practices align with its specific requirements. Public corporations have many technological options for supporting the internal controls needed to achieve SOX compliance and to protect sensitive systems. The problem with relying on traditional network security products such as firewalls, intrusion detection systems, and encryption to ensure SOX compliance, however, is that they operate at the network perimeter, so most Internet-based attacks on the applications that actually handle financial data can still occur without being detected or responded to effectively. Attackers can be prevented from accessing the network altogether by performing proactive web application