Sarbanes-Oxley SOX Compliance

Data governance requires IT system integrity to be maintained
One of the key elements of the legislation is that company executives must take personal responsibility for the veracity of financial information, with far greater penalties for other financial fraud. The necessary internal controls/operational controls in terms of accounting and auditing require sufficient levels of governance, defined in SOX Section 404.

A ‘Top Down’ risk assessment must be conducted by Management, operating in conjunction with an independent external Auditor, covering a number of key questions:

• Are internal controls related to significant accounts and financial reporting effective?
• What is the potential risk for fraud or misrepresentation for business transactions with respect to IT systems and operational practices?
• In summary, do company-level controls comply with COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework best practices? (first published in 1992 and updated in 2013)

In order for any organization to even attempt to attest to SOX compliance will require secure, protected and governance-assured IT systems.

From an internal controls SOX 404 standpoint, NNT Change Tracker ensures that IT systems are protected from fraud and misuse, with requisite audit trails provided to prove system integrity has been maintained.

Systems must be hardened and provisioned on a strict ‘principle of least privilege’ basis and Change Tracker’s certified auditing technology for CIS Benchmark Checklists ensures that all available vulnerability mitigations are in place at all times.

Finally, the provision of a ‘Closed Loop’ Change Management system is vital to show exactly what changed and by whom at any stage in order to govern system integrity. By extension, any Unplanned Change will be highlighted for investigation and either approval or remediation in line with COBIT Framework best practices, favored strongly by SOX 404 Auditors.