Proudly serving Atlanta for over 25 years.
SOX compliance doesn’t have to be difficult. Custom Technologies is your trusted local SOX compliance consulting services company in the Atlanta, GA area. We have the technology resources and expertise to make your SOX compliance initiative painless and efficient. Contact us today for your SOX compliance consulting service needs.
The Sarbanes-Oxley Act, also known as SOX, was established in 2002 and is designed to protect the public from fraudulent or erroneous practices by corporations and some other business entities. The bi-partisan bill was written by its namesakes, Paul Sarbanes (D-MD) and Rep. Michael G. Oxley (R-OH-4), in response to a spate of recent major scandals, including Enron, WorldCom and Tyco. It was passed overwhelmingly in both the House and the Senate.
SOX applies to publicly traded companies in the US, and wholly-owned subsidiaries and foreign companies that are publicly traded and do business in the US. It also applies to the accounting firms that audit these entities. The regulation’s stated goal is “to protect investors by improving the accuracy and reliability of corporate disclosures.” While SOX compliance is not required of private companies, charities and non-profits, it does include language to penalize those that knowingly destroy or falsify financial data. While SOX compliance may seem like another legally required administrative headache, complying with the legislation is actually good for business. In addition to requiring ethical and transparent financial reporting, compliance with SOX also helps protect companies from data breaches and thefts from insiders or from cyber criminals.
SOX Compliance Requirements
Following is a summary of some of the most important SOX requirements:
Corporate Responsibility for Financial Reports
This section states that the CEO and CFO are personally responsible for the accuracy, documentation, and submission of all financial reports and the internal control structure to the SEC. In addition, they are responsible for establishing and maintaining internal SOX controls and must validate those controls within 90 days prior to issuing the report. Failure to comply places these officers at risk of monetary penalties and even jail time, whether the failure is intentional or not.
Management Assessment of Internal Controls
SOX requires an Internal Control Report stating that management is responsible for an adequate internal control structure for their financial records, along with an assessment by management of the effectiveness of the control structure. Any shortcomings must be reported. A registered independent auditor must also attest that management’s assertion is accurate.
Data Security Strategy
Companies must ensure formal data security policies, communication of data security policies, and consistent enforcement of data security policies. This strategy needs to be comprehensive and ensure the security of financial data stored and used during normal business operations.
Documentation of Compliance
SOX requires that companies maintain and provide documentation proving they are compliant and that they are continuously monitoring and measuring SOX compliance objectives.
SOX Compliance Audits
SOX requires annual audits, the results of which must be readily available to stakeholders. The audit needs to be conducted by an independent auditor, separately from any other audits to avoid a conflict of interest.
The SOX compliance audit involves the comparison of past financial statements to the current year, to identify any potential irregularities. It can also include interviews with various personnel and a verification that compliance controls are sufficient.
In order to prepare for a SOX audit, be sure to update your reporting and internal auditing systems, and make sure that your SOX compliance software is working properly, so any report requests from an auditor can be fulfilled quickly.
Your SOX auditor will be looking for you to demonstrate your capability in four internal controls:
- Access:
Physical and electronic controls that prevent unauthorized access to sensitive data. Physical controls include doors, badges, and locks on file cabinets; electronic controls include authentication measures such as passwords and lockout screens. Users should only have the access necessary to do their jobs.
- Security:
Staff, practices and tools deployed to prevent security breaches on devices and networks containing financial data. How you choose to implement this control is up to you.
- Data Backup:
Maintain SOX compliant off-site backups of all of your financial records and ensure that any data that is lost can be restored.
- Change Management:
Have defined processes to add and maintain users, install new software, and make any changes to databases or applications that manage your company financials.
Benefits of SOX Compliance
SOX has provided a framework for companies to be better stewards of their financial records, in the wake of the enormous scandals that threatened investor and public trust. This brings with it other key side benefits, which can help offset the headache and expense of ensuring SOX compliance. These include:
- More predictable financials:
In addition to keeping stockholders happy, some companies have reported that this has resulted in easier access to capital markets.
- Improved data security:
Having the data security levels required for SOX compliance mitigates the risk of the financial and reputational costs of expensive data breaches.
- Improved communication:
SOX audits require involvement from cross-functional teams, which can result in improved overall communication and cooperation.
SOX Compliance Checklist
- Detect security breaches.
Ensure you can detect any security breaches and monitor suspicious logins.
- Prevent data loss.
Ensure you have a comprehensive data backup and recovery strategy.
- Ensure that your data is protected in real-time.
Corporate information should stay safe round-the-clock. Using automated security software is your best bet.
- Prevent tampering with your data.
Control user logins, login attempts, and other forms of domain activity. Ensure that you know who has access to the company’s critical data.
- Provide verifiable reporting.
Similar to financial reporting, data security should be accountable as well. You need to have clear reports regarding your security status. Report any issues immediately.
- Give SOX auditors access to the data they need.
Be ready to provide information about the security measures you take to protect your data.
- Maintain internal controls in a secure way.
To follow SOX compliance, internal controls should be implemented and managed. Internal controls assessment should be performed regularly to confirm their effectiveness.
SOX compliance doesn’t have to be difficult. At Custom Technologies, we have the technology resources and expertise to make your SOX compliance initiative painless and efficient. Contact us today to speak to a SOX compliance consultant.
What Makes Custom Technologies Inc. Different and Better?
With 25 years of experience in IT support, solutions and services, we’re specialists at what we do. Custom Technologies lets you forget about your IT worries and focus on your business. We will work with you to develop a solution that is right for your business. Whether you need a single service or a fully integrated solution, you benefit from:
- Personal Attention – We don’t see you as just a number. (Our clients agree)
- Strong Customer Service – This justifies the strong relationships we’ve built over the years with our clients.
- The Right Specialist – We will assign the best person for the job to tackle your concerns on a particular IT issue.
I wanted to take this opportunity to let you know how much our company in Georgia appreciates Custom Technologies and its staff. They offer a wide range of services that meet the security needs of our servers and terminal PCs. They have a very straightforward approach to solving things as they happen. Additionally, I’d like to commend Gabriel, one of their IT experts, who handled a complex problem that had been bothering us for a long time and was able to solve it within a day. I am glad I chose them for our IT needs.