What is IT SOX compliance?
The Sarbanes-Oxley Act of 2002, often simply called SOX or Sarbox, is a U.S. law meant to protect investors from fraudulent accounting activities by corporations. It also covers issues such as auditor independence, corporate governance, internal control assessment, and enhanced financial disclosure.
Who must comply with SOX?
SOX applies to all publicly traded companies in the United States as well as wholly-owned subsidiaries and foreign companies that are publicly traded and do business in the United States. SOX also regulates accounting firms that audit companies that must comply with SOX.
What are the main requirements of the Sarbanes-Oxley Act?
5 Key but Lesser-Known Requirements of Sarbanes-Oxley Compliance
- Private companies and nonprofits.
- Public Company Accounting Oversight Board exclusivity.
- Audit committee independence and auditor prohibitions.
- Publishing code of ethics.
- Extent of increased whistleblower protections.
Is the CIO involved in Sarbanes Oxley compliance?
In an informal survey by CIO of the top 19 companies on the Fortune 100 list, most executives viewed compliance with Sarbanes-Oxley as a finance issue, not a systems issue. A few acknowledged a potential role for IT but insisted it was premature for the CIO to be involved.
Is the use of encryption required by Sarbanes Oxley?
Sarbanes-Oxley does not specifically call for the use of encryption as a control to protect financial data, but its use is considered a best practice. The SANS Institute identifies encryption as a critical security control in its list of the Top 20 Critical Controls.
How does Sarbanes Oxley affect the financial side of a company?
Sarbanes-Oxley not only affects the financial side of corporations, but also IT departments charged with implementing and maintaining the internal controls referenced in Section 404. Companies must document, test, and maintain those controls as well as the procedures for financial reporting to ensure their effectiveness.
Who is required to comply with Sarbanes Oxley Act?
In addition to publicly-traded companies, along with their wholly-owned subsidiaries and foreign companies that are publicly traded and do business in the U.S., Sarbanes-Oxley also regulates accounting firms that perform audits for any U.S. public company. Private companies and charities aren’t required to follow all of the provisions of the law.