Sarbanes-Oxley Act (SOX)

Sarbanes-Oxley Act (SOX) Compliance

SOX compliance requires policies, procedures, and training to safeguard financial data and stop fraud. SOX calls upon companies to exercise controls on protected financial data, as well as to conduct audits and public reporting. Like most public data protection laws, SOX drives many changes in many businesses. SOX focuses on preventing abuse of financial data, usually for personal gain. It makes protecting data part of daily business. For companies that must adhere to SOX, it becomes part of every employee’s job in some way or another.

Why Do We Have SOX?

Stop Fraud in Financial Companies

The Sarbanes-Oxley (SOX) Act was developed and enacted as US law to prevent corporate fraud.

 

Sarbanes-Oxley Act Requirements

To be SOX compliant, public companies doing business in the US must:

  • Implement internal controls to protect financial data from tampering.
  • File regular reports with the Securities and Exchange Commission (SEC) attesting to the effectiveness of security controls and the accuracy of financial disclosures.
  • Pass an annual independent audit of their financial statements and controls.

The SOX Act also sets rules for the accounting firms that audit public companies and the analysts who publish research on securities. The act imposes significant fines and criminal sentences for fraudulent financial activities and certain forms of noncompliance.

While SOX is a financial regulation, stakeholders from throughout the organization are involved in achieving compliance. IT departments and cybersecurity teams have become particularly important as organizations increasingly turn to technology solutions to protect financial information in complex enterprise networks.


Does SOX Apply to Me?

Maybe

The Sarbanes-Oxley Act applies to all publicly traded companies doing business in the US and their wholly owned subsidiaries. It also applies to securities analysts and the accounting firms that audit public companies. Private companies and non-profits are not usually required to follow the Sarbanes-Oxley Act, but some are.

SEC Filing / Pre-IPO

Private companies getting ready for an initial public offering (IPO) are subject to SOX when they register with the Securities and Exchange Commission.

All companies are prohibited by SOX from destroying or falsifying financial records to obstruct a Federal investigation. This applies to any organization: public, private or non-profit.

Whistleblowers are protected by SOX if they are testifying about public companies or public clients.

SOX is a US law that applies to US-based companies AND foreign companies doing business in the US.


The Bottom Line for SOX

Companies need strong data controls for authorization and access to sensitive data.

Data retention, archiving, and traceability are required.

Auditing and reporting are required at least annually.

Aditi Group can help make SOX compliance easier. We know the challenges you face with SOX compliance and are here to help.