Making sure your business is SOX Compliant

November 18, 2015

(Part 1 in our series on IT Compliance Concerns.)

What is the Sarbanes-Oxley (SOX) Act?

The Sarbanes-Oxley Act of 2002 is a federal law that set both new and expanded requirements for public company boards, management, and public accounting firms in the U.S. It is more commonly known as Sarbox, or SOX. This act also contains some provisions for private companies, such as those concerning the willful destruction of evidence to impede a Federal investigation.

The Sarbanes-Oxley Act was a reaction to corporate and accounting scandals including Enron, WorldCom, and Tyco. Some of the factors that made these scandals possible, and that the act attempts to prevent, include auditor conflicts of interest; boardroom failures such as failure to establish effective oversight mechanisms for financial reporting; conflicts of interest among securities analysts; and more.

Who is affected by SOX compliance?

Ultimately, responsibility for SOX compliance rests squarely on the shoulders of the leaders of an organization rather than on the IT department. This means that although the IT department may prepare SOX audit statements, it will be C-level executives of a company that face fines and possible imprisonment if penalties are assessed. SOX audit statements must be certified by the CEO of a corporate entity, reflecting this responsibility.

Section 802 of the Sarbanes-Oxley Act describes penalties for infractions:

Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.

For example, in one of the first fines levied under the Sarbanes-Oxley Act, CEO Calixto Chaves of Rica Foods, Inc., agreed to pay $25,000 in regard to charges that company officials certified the accuracy of the company’s annual financial statement, while knowing that these statements did not include the required independent audit report.

Are there advantages to becoming SOX compliant for non-public companies?

According to TechTarget’s e-handbook, The SOX Effect, “Adopting SOX-compliance controls and procedures can improve your organization’s overall IT security program, even if your company is not a publicly traded one typically targeted by SOX regulations.” SOX compliance is not particularly concerned with ensuring the security of data or systems. Rather, it focuses on best practices for tracking who has access to financial data, where that data came from, and whether that data gets changed. For instance, organizations that follow SOX best practices will perform more regular reviews of user accounts and privileges related to finance systems and data. While this certainly can require additional IT resources, it can pay off in fewer costly security incidents. Working toward SOX compliance can also help an organization make headway in other areas such as PCI DSS compliance (which we will discuss later in our series on IT compliance concerns).

Coming soon: Part 2 in our series on IT Compliance Concerns, “What Does My IT Team Need to Know About SOX Compliance?”

To read more about SOX:

● For up-to-date information on the Sarbanes-Oxley Act, you can check the Securities and Exchange Commission’s (SEC’s) website.

● You can also learn more about Information Technology concerns created by the Sarbanes-Oxley Act in TechTarget’s e-handbook, The SOX Effect.
