Sarbanes-Oxley Act of 2002 or SOX Act, also known as “Public Company Accounting Reform and Investor Protection Act” in the Senate and “Corporate and Auditing Accountability, Responsibility, and Transparency Act” in the House in the U.S. Federal law sets new or expanded requirements for all U.S. public company boards, management, and public accounting firms. It also has a number of provisions that apply to privately held companies, like the willful pull-down of evidence to disrupt a federal investigation.
It was enacted as a result of a number of major corporate and accounting offenses. It requires the Securities and Exchange Commission to construct regulations to define how public corporations should comply with the law. The sections of the bill cover control of the public corporation’s board of directors, and cast criminal penalties for certain misconduct. The law is intended to increase the accuracy and reliability of corporate disclosures in financial statements while protecting investors from corporate fraud.
SOX is a complex law with 11 sections, each delineating mandates including oversight, auditor independence, and corporate responsibility.
Here are the 3 key provisions that are commonly referred to as per section numbers:
- Section 302 requires senior corporate officers to personally certify the company’s financial reports are in compliance with SEC disclosure requirements and that they have adequate internal controls in place for public disclosure.
- Section 404 pertains to the establishment of internal controls and reporting methods to ensure the adequacy of those controls.
- Section 802 contains the three rules that affect recordkeeping dealing with destruction and falsification of records, defining the retention period for storing records, and specifying which business records companies must store. And the applies to electronic communications as well.
It is all about corporate governance and financial disclosure. This requires financial transparency report on the Internal Control level. To secure accurate financial data, it demands a year-end financial disclosure report as a requirement. Now the SOX Auditor’s job is to review controls, policies, and procedures during an audit.
Using a control framework, all internal controls and procedures can be audited. The access and activity to sensitive business information can be easily monitored.
A SOX control is a rule that prevents and detects errors within a process cycle of financial reporting.
Internal controls for SOX Compliance don’t have to be costly, and strenuous. Best practices and solutions should provide the following focus for ease of compliance:
- The automated, real-time solution to prove compliance
- continuous control monitoring to ensure compliance tracking
- monitors any violations to access controls
- pinpoint and quantify the financial impact of any risks
In today’s modern enterprise, nearly 100% of the financially relevant activity happens in modern applications like SAP, Oracle, Workday, and NetSuite. By connecting directly into your business applications, the purpose is to prevent and detect deficiencies to ensure the consistent integrity of audits fulfilled by accounting firms or by an external auditor.
Internal and external auditors alike trust Pathlock’s reports to prove control enforcement and compliance with regulations. By connecting directly into your business applications, Pathlock can automatically monitor activity in these applications to surface any violations to controls and pinpoint and quantify the financial impact of any risks.