Sarbanes-Oxley SOX Compliance

In the wake of a number of corporate accounting scandals, including Enron, Peregrine Systems and WorldCom, the Sarbanes-Oxley Act was introduced ‘To protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes’. The intent of the Act was to ensure that similar cases of accounting fraud and the misleading of investors would be prevented in the future for all publicly held companies, management and public accounting firms.

Data governance requires IT system integrity to be maintained
One of the key elements of the legislation is that company executives must take personal responsibility for the veracity of financial information, with far greater penalties for other financial fraud. The necessary internal controls/operational controls in terms of accounting and auditing require sufficient levels of governance, defined in SOX Section 404.

A ‘Top Down’ risk assessment must be conducted by Management, operating in conjunction with an independent external Auditor, covering a number of key questions:

  • Are internal controls related to significant accounts and financial reporting effective?
  • What is the potential risk for fraud or misrepresentation for business transactions with respect to IT systems and operational practices?
  • In summary, do company-level controls comply with COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework best practices (first published in 1992 and updated in 2013)?

For any organization to even attempt to attest to SOX compliance, it will require secure, protected and governance-assured IT systems.

From an internal controls SOX 404 standpoint, NNT Change Tracker ensures that IT systems are protected from fraud and misuse, with requisite audit trails provided to prove system integrity has been maintained.

Systems must be hardened and provisioned on a strict ‘principle of least privilege’ basis and Change Tracker’s certified auditing technology for CIS Benchmark Checklists ensures that all available vulnerability mitigations are in place at all times.

Finally, the provision of a ‘Closed Loop’ Change Management system is vital to show exactly what changed and by whom at any stage in order to govern system integrity. By extension, any Unplanned Change will be highlighted for investigation and either approval or remediation in line with COBIT Framework best practices, favored strongly by SOX 404 Auditors.

Copyright 2021, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.