The Sarbanes-Oxley Act (SOX) became effective in 2006 and was implemented to hold all USA corporations accountable to the Securities and Exchange Commission for their internal financial auditing controls. This federal law was passed in response to a number of major corporate and accounting scandals. The Sarbanes-Oxley Act itself is organized into eleven sections, but sections 302, 404, 401, 409, 802 and 906 are the most important in terms of compliance. Failure to comply with regulations can result in fines of up to $10 million and 30 years in prison for a corporation. We have compiled five signs for you to reference in order to avoid the extensive civil and criminal penalties for non-compliance.
5 Signs You’re Non-SOX Compliant:
You Don’t Periodically Report the Effectiveness of Safeguards
As stated in Section 302.4.D, you are required to have officers continuously generate a report based on the efficiency of the security system and clearly state their findings.
You Don’t Disclose Security Safeguards to Independent Auditors
As stated in Section 404.A.1.1, you are obligated to select auditors and hold them accountable for reviewing the control structures and procedures for financial reporting. All information related to the security framework, and to the parties responsible for operating it, must be disclosed to the auditors.
You Don’t Disclose Failures of Security Safeguards to Independent Auditors
As stated in Section 404.B, you are required by auditors to be aware of and report on any drastic modifications to internal controls and/or significant failures that could immediately affect internal controls.
You Don’t Ensure that Safeguards are Operational
Section 302.4.C demands that appointed officers test the durability of internal controls within 90 days prior to the previous report. This security framework needs to be constantly reviewed and verified.
You Don’t Establish Verifiable Controls to Track Data Access
Section 302.4.B requires internal controls over data, so that officers are aware of all relevant data. Data must exist in an internally controlled and verifiably secure framework.
If you have any questions about whether your company is in SOX compliance, allow Cognoscape to verify it for you. Call and learn more today!