3 Things You Need to Know About SOX Compliance
WorldCom, Enron, and Arthur Andersen. Do these names ring a bell?
These are the companies at the center of the early-2000s accounting scandals that resulted in tremendous loss of capital, layoffs, and prison sentences. The Sarbanes-Oxley Act of 2002, also referred to as SOX, was enacted to deter corporate accounting fraud and improve company security by formalizing a system of checks and balances within a company.
Although the SOX Act is extremely extensive and not all of it is relevant to IT, the way IT departments store corporate electronic records changed as a result of SOX. Because they involve data management, sections 302, 404, and 409 in particular are the ones IT professionals need to understand for compliance. There are three main takeaways from these sections:
- Keep Executives Informed
- Establish Internal Systems to Promote Accurate Financial Auditing
- Timely Disclosure of Issuer Changes
Keep Executives Informed
The first thing an IT professional can do to comply with SOX is keep company executives up to date and informed of any changes made to the data management system(s). Sec 302 covers corporate responsibility for financial reports. The gist of Sec 302 is that both the CEO and CFO are directly responsible for the documentation, accuracy, and submission of financial reports. An IT team’s role in achieving SOX compliance under this section is to help their executives set up, update, and maintain internal systems that enable them to file all IT- or data-related information safely.
Establish Internal Systems to Promote Accurate Financial Auditing
Sec 404 requires that all systems data be protected and be available to show to an external auditor to prove compliance. One of the responsibilities of the IT team is to identify which IT processes are involved in any part of financial reporting. Companies are expected to provide valid documentation that they are, and have been, SOX compliant upon an audit request. As such, IT teams also hold the responsibility of providing the system data reports that prove the data hasn’t been breached and is safe. Ensuring company data is well documented and routinely audited internally will strengthen compliance with SOX.
Timely Disclosure of Issuer Changes
Sec 409 emphasizes the importance of disclosing any key information or changes that might significantly affect a company. This may include data breaches, mergers, or the loss of an anchor supplier. Hiding breaches or falsifying reports to company executives will not only get the executives in legal trouble; it will directly affect the IT team as well. Internal systems should be in place to ensure key data and IT issues are reported immediately in order to remain in SOX compliance.
Although SOX compliance is fairly technical for IT professionals and teams, having a knowledgeable and trusted consultant can help you navigate the technical and legal jargon. Fairdinkum offers 24/7 support for IT companies and can help with SOX compliance or any other pain points. Contact us to set up an introductory meeting; we’d love to talk!