SOX

The Sarbanes-Oxley Act of 2002

Overview

The SOX Act was established as a reaction to numerous financial scandals (e.g., Enron, WorldCom) and is designed to increase corporate accountability and implement measures to defend against corporate and accounting fraud.

While there are numerous sections to the SOX Act, there are two that stand out regarding information security requirements:

Section 302 requires that officers of the company (CEO and CFO) sign off on quarterly and annual reports to, amongst other items, attest that the report is complete and accurate and to report on the effectiveness of internal controls.

Section 404 requires that an assessment of internal control over financial reporting be conducted and included as part of the annual report. While the assessment of controls focuses on those relevant to financial reporting, the requisite level of control is dependent on IT functionality. Due to this relationship, the assessment must include an evaluation of the design and operational effectiveness of general IT controls.

Addressing SOX Section 404 will require the organization to incorporate information technology controls in a manner consistent with a control framework such as ISO 27001 or Control Objectives for Information and related Technology (COBIT).

Industry

Publicly Traded Companies

© BTB Security.