Sarbanes Oxley (SOX) Compliance with SVT
What is Sarbanes Oxley (SOX) and who does it apply to?
The Sarbanes–Oxley Act of 2002 (Pub.L. 107-204, 116 Stat. 745), commonly called Sarbanes–Oxley, Sarbox or SOX, is a United States federal law enacted on July 30, 2002. The bill was enacted as a reaction to a number of major corporate and accounting scandals, including those affecting Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These scandals, which cost investors billions of dollars when the share prices of affected companies collapsed, shook public confidence in the nation’s securities markets.
How does SOX affect your enterprise?
The legislation set new or enhanced standards for all U.S. public company boards, management and public accounting firms. It does not apply to privately held companies. The act contains 11 titles, or sections, ranging from additional corporate board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the new law. Harvey Pitt, the 26th chairman of the SEC, led the SEC in the adoption of dozens of rules to implement the Sarbanes–Oxley Act. The act created a new, quasi-public agency, the Public Company Accounting Oversight Board, or PCAOB, charged with overseeing, regulating, inspecting and disciplining accounting firms in their roles as auditors of public companies. The act also covers issues such as auditor independence, corporate governance, internal control assessment, and enhanced financial disclosure.
How SVT can help you!
From an information technology perspective, SOX requires the chief executive and chief financial officers of public companies to establish adequate internal controls over financial reporting (Section 404). Passage of SOX resulted in an increased focus on IT controls, as these support financial processing and therefore fall into the scope of management’s assessment of internal control under Section 404 of SOX.
The COBIT framework may be used to assist with SOX compliance, although COBIT is considerably wider in scope. Additionally, ISO27002 controls can provide a similar framework. During a SOX audit, an external auditor will have their own list of controls, tests, and acceptable evidence of compliance. In most cases, adherence to COBIT or ISO27002, along with the supporting processes and documentation, will go a long way toward addressing the auditor’s requirements.
Whether you adopt ISO27002 or COBIT, SVT gives you a mechanism that supports sound, repeatable security management, and that’s a cornerstone security requirement regardless of which standard you must adhere to.
Please contact us today for more information on how SVT Audit Manager 2010 can help meet your regulation needs.