All About the Sarbanes-Oxley Act

The Sarbanes-Oxley Act helped improve corporate financial reporting and auditing practices. Learn more from the IT pros in NY and NJ at Tekie Geek.

Understanding the Sarbanes-Oxley Act

Public companies have a responsibility to report their financials honestly and to keep accurate financial records, thanks in part to the passing of the Sarbanes-Oxley Act (SOX). This act helped improve corporate financial reporting and auditing practices in the United States.

At Tekie Geek, we provide a variety of IT services to businesses in New York and New Jersey, including helping them prepare for SOX audits. Here, we discuss the Sarbanes-Oxley Act, its importance, and how businesses can ensure they are SOX-compliant.

What Is the Sarbanes-Oxley Act (SOX)?

The Sarbanes-Oxley Act, also called the SOX Act, is a law that was adopted in 2002 as a response to the financial scandals of publicly traded companies like Enron and Tyco International. These infamous scandals involved falsifying financial records and ended up costing investors billions of dollars. They also eroded the trust of both investors and the public in corporations and their financial statements.

The purpose of the Sarbanes-Oxley Act was to protect investors from fraudulent financial reporting by corporations. The act imposed stricter rules and recordkeeping requirements for accountants, auditors, and corporate officers of public companies. It also imposed criminal penalties for employees who violated these rules and requirements. The Sarbanes-Oxley Act got its name from its two sponsors—Sen. Paul S. Sarbanes (D-MD) and Rep. Michael G. Oxley (R-OH).

What Does the Sarbanes-Oxley Act Cover?

The Sarbanes-Oxley Act applies to all publicly traded companies doing business in the U.S., as well as their wholly owned subsidiaries. It also pertains to securities analysts and accounting firms that audit public companies. The SOX Act is a complex law with many provisions and stipulations. However, there are a few main provisions that are commonly discussed. They include:

  • Section 302: This requires senior corporate officers to personally certify that the company's financial statements comply with SEC disclosure requirements and are accurate, with criminal penalties for dishonesty.
  • Section 404: This requires that management and auditors of publicly traded companies establish internal controls and reporting methods to ensure their accuracy.
  • Section 802: This establishes recordkeeping rules about the records companies need to keep, the destruction and falsification of records, and the amount of time they need to store their records.

The Sarbanes-Oxley Act also outlines requirements for information technology (IT) departments regarding electronic records, data security, and recordkeeping, although there are no specific business practices stated.

Why Is the Sarbanes-Oxley Act Important?

The Sarbanes-Oxley Act is important because it helps to promote transparency and trust between corporations, investors, and the public. It also helps prevent other companies from breaking the rules by imposing strict punishments, including jail time.

For IT professionals, the SOX Act is important because it requires companies to implement security measures to protect their data. These measures are often implemented by the IT department and include restricting access to physical and digital files, backing up financial data at an external location, securing data from internal and external threats, and more. IT professionals must ensure their company’s data is being stored in compliance with SOX regulations.

What Is SOX Compliance?

SOX compliance is essentially what it sounds like: following all the rules and regulations that are required by the Sarbanes-Oxley Act, including financial reporting, information security, and auditing requirements. For the information security part of SOX, businesses can implement controls in their IT infrastructure to become SOX-compliant. A SOX-compliant IT infrastructure keeps financial information private while it is transferred securely and directly to accountable parties. The infrastructure must also meet the requirements of a third-party auditor.

Determining SOX Compliance of IT Infrastructures

To determine whether an IT infrastructure is SOX-compliant, the third-party auditor will examine it and check a number of points. These include:

  • Is there an identity-based security system in place on the applicable framework?
  • Do the right people have access to the right data?
  • Are servers isolated to ensure that a compromised server can't compromise an otherwise compliant infrastructure?
  • Does the IT framework or database provide the confidentiality required by Section 404 of SOX?
  • Is physical security in place for applicable servers?
  • Is there a firewall protecting that server from the internet?
  • Are connections to the servers encrypted?

These are some of the components that an auditor will look for when determining whether an IT infrastructure is compliant with SOX.

How to Be SOX-Act Compliant

Becoming SOX-Act compliant can be a complicated process, but there are a few steps to take to help make sure your IT infrastructure is compliant. They include:

  • Assessing your current IT environment to identify relevant IT components and any related risks
  • Documenting how the relevant components are configured, managed, and monitored
  • Implementing controls and policies that address any gaps or issues identified in the assessment
  • Monitoring the IT controls and policies routinely to make sure they are effective and working properly
  • Educating IT staff about SOX compliance and what is needed to become compliant
  • Collaborating with SOX auditors to adjust to their feedback and work toward compliance

Another way to help your IT infrastructure become SOX-compliant is by working with Tekie Geek. Our IT professionals have experience working with accounting businesses to ensure their IT infrastructures are SOX-compliant. We can examine your network security and the role it plays in regulatory compliance, helping you determine what needs to be adjusted. Our certified technicians can also help you prepare for your SOX audit.

Get Help With SOX Compliance From Tekie Geek

If you’re hoping to make sure your IT infrastructure is compliant with the Sarbanes-Oxley Act, turn to the IT experts at Tekie Geek for assistance. Serving businesses in New York and New Jersey, Tekie Geek offers a range of IT services, including managed IT, co-managed IT, and more. For more information on Sarbanes-Oxley compliance and how to become compliant, contact us today.
