Sarbanes-Oxley Act (SOX)
The Sarbanes-Oxley Act of 2002 is US Federal legislation establishing requirements for publicly traded companies to improve the transparency, accuracy, and integrity of their corporate financial reporting. SOX Sections 302 and 906 tie responsibility for financial reporting to corporate executives, who are liable for both civil and criminal penalties for non-compliance. Section 404 requires that companies create and maintain effective internal controls to track financial processes, subject to audit by independent agents.
Because IT organizations are responsible for corporate transaction, analysis and reporting systems, they become the primary resource in companies for complying with Section 404. The deadline for SOX Section 404 was June 2004, meaning that, among other things:
- Organizations must have in place the facilities to audit and protect the integrity of corporate financial analysis and reporting processes.
- Organizations must document their policies and procedures.
- Organizations must monitor and report on the use of business and financial data underlying mandated reporting.
This means that policies controlling access to and interaction with the applications, databases and data warehouses supporting business analysis and financial reporting must be strictly enforced, and that an audit trail of who has accessed the information must be maintained.
Source: The American Institute of Certified Public Accountants (AICPA)