Sitemap    Contact Info
Tizor Systems, Inc. - Data Protection and Compliance Auditing Solutions
About Us Solutions Products Services Partners News & Events Resource Center
Resource Center View Mantra
Resource Center Overview
Data Sheets
Whitepapers
On-Demand Events
Compliance Resources
SOX Perspective
The SOX Challenge
Beyond SOX Compliance
SOX 404
IT Controls for SOX
Background: Sarbanes Oxley
PCI Requirements
Data Security Resources
Data Breach Resources
Podcast
Bylines
Background: Sarbanes Oxley

Background on SOX: Sarbanes Oxley Overview

The intent of the Sarbanes Oxley Act of 2002 was to guarantee that the information we rely on to make investment decisions is trustworthy and complete. Sarbanes-Oxley Act (SOX) includes eleven Titles comprising sixty-six Sections that cover everything from the establishment of new auditing oversight committees to new levels of auditor independence, specific attestation requirements for CEOs and CFOs, and criminal penalties for non-compliance.

As a result of the Sarbanes Oxley, thousands of companies face the task of ensuring their accounting operations are in compliance. Auditing departments typically first have a comprehensive external audit by a SOX compliance specialist in order to identify key areas of weakness or risk. Specialized software may be installed in order to provide the "electronic paper trails" necessary to ensure Sarbanes-Oxley compliance.

The most important Sarbanes-Oxley sections for compliance are listed below. Note that certification and specific public actions are now required by companies to remain in SOX compliance.

SOX Section 302 - Corporate Responsibility for Financial Reports

The key concept of Section 302 is that the CEO and CFO are directly responsible for the accuracy, documentation and submission of all financial reports as well as the internal control structure to the SEC.

SOX Section 409 - Real Time Issuer Disclosures

Section 409 of the Sarbanes-Oxley Act states that companies are required to disclose on a almost real-time basis information concerning material changes in its financial condition or operations

SOX Section 902 - Attempts & Conspiracies to Commit Fraud Offenses

SOX 902 specifically reads "Any person who attempts or conspires to commit any offense under this chapter shall be subject to the same penalties as those prescribed for the offense, the commission of which was the object of the attempt or conspiracy."

SOX Section 404: Management Assessment of Internal Controls

SOX 404 is one of the shortest and broadest-reaching statutes. It is also one of the most disputed. Sarbanes Oxley Section 404 outlines management’s responsibility “for establishing and maintaining an adequate internal control structure and procedures for financial reporting” and for certifying the “effectiveness of the internal control structure and procedures.” SOX Section 404 demands that companies (a) evaluate the adequacy of internal controls as they relate to financial reporting, (b) institute new controls as necessary, and (c) perform and report an assessment of these controls on an annual basis. Section 404 says, "Management must ensure that appropriate internal controls for financial reporting are in place."

Section 404 requires that corporations immediately institute internal controls to protect the integrity of financial data (and implied: all systems that access that data) and demonstrate that appropriate controls are in place. Any shortcomings in these controls must also be reported and registered external auditors must attest to the accuracy of the company management’s assertion that internal accounting controls are in place, operational and effective.

Additional SOX Resources and Information

Tizor White Papers (Registration is Required)

Learn more about Tizor’s SOX Audit Solutions for Sarbanes Oxley 404 Compliance