SOX Summary

October 10th, 2004 | 1 Comment | Posted in Security and Compliance

One of the most talked about regulations these days is obviously Sarbanes-Oxley. Below is a quick summary of Section 302 and 404. Remember, if you are a CEO or CFO, don’t screw up. Otherwise you will be fined up to $1 million and/or up to 10 years in jail.

Section 302

  • Proper documentation and disclosure of the controls and procedures
  • certifying officers (financial officers)
  • authorized, complete and accurate

    Section 404

  • requires the mgmt of the public companies to assess the effectiveness of the organization’s internal control over financial reporting
  • requires annual review and assessment of the effectiveness of the internal controls
  • requires a company’s independent auditor to attest to mgmt’s assessment of its internal control over financial reporting
  • internal controls
    • records are logged in reasonable details, accurate and reflect the transactions
    • assurance that transactions are being recorded
    • assurance that prevention or timely detection of unauthorized acquisition, use of disposition of the assets that could have a material effect on the financial statements
  • ated that an ineffective control environment should be regarded as atleast a significate deficiency and as a strong indicator that a material weakness in inernal control over financial reporting exists.
  • the IT control environment includes the IT governance process, monitoring and reporting. The IT governance process includes the information systems strategic plan, the IT risk management process, compliance and regulatory management, IT policies, procedures and standards. Monitoring and reporting are required to ensure IT is aligned with business requirements.
  • Building a strong internal control program within IT can help to:
    • enhance overall IT governance
    • enhance the understanding of ITamong executives
    • make better business decisions with higher-quality, more timely information
    • align project initiatives iwth business requirements
    • prevent loss of intellectual assets and the possibility of system breach
    • contribute to the compliance of other regulatory requirements, such as privacy
    • gain competitive advantage through more efficient and effective operations
    • optimize operations with an integrated approach to security, availability and processing integrity
    • enhance risk management competencies and prioritization of initiatives
    • Leave a Reply |
    Follow Discussion

    One Response to “SOX Summary”

    1. JolinaNo Gravatar Says:
       August 19th, 2005 at 7:39 am

      I saw that Prevari was doing some free focus groups related to Sarbanes Oxley. Maybe it’s worth checking out.
      http://www.prevari.com/registration.htm