The year 2002 redefined the compliance management landscape in the United States with the passage of the Sarbanes-Oxley Act (SOX). The events leading to the SOX Act were serious, high-stakes financial scandals at WorldCom, Enron, and Tyco, among others. The SOX Act is seen as protecting shareholders and the general public from business accounting errors and fraudulent activities. The Act was designed to improve the accountability and transparency of corporate disclosures, thereby improving corporate governance across the organization.
With the SOX Act, all public companies now have to comply on both the financial and the IT side. The nature of data storage by IT has also changed, with the SOX Act defining which records need to be stored and the timeline that has to be followed for storage. Complying with SOX requires businesses to save all data records, which include but are not limited to electronic records and messages, for not less than five years. Non-compliance with SOX may lead to fines, imprisonment, or both.
Electronic Record Management Rules
The IT department is responsible for the creation and maintenance of corporate records. The department should comply with the Act in a cost-effective way. According to Section 802 of the SOX Act, Criminal Penalties for Altering Documents, anyone involved in the destruction, alteration, or falsification of records faces hefty fines, imprisonment for not more than 20 years, or both. The second rule under Section 802 of the SOX Act defines the data storage retention timeline. Some of the generally accepted retention periods under SOX are listed below.
The third rule under Section 802 of the SOX Act defines the business records, communications, and electronic communications that need to be stored.
SOX Compliance Controls
Put in place security controls to ensure the safety and accuracy of data. Data governance and SOX compliance overlap substantially, as both work towards the safety and accuracy of data within the organization. Data mapping and classification tools help in tracking where data resides and how it is used.
SOX Compliance Audits
An independent auditor conducts SOX audits on an annual basis. SOX audits have to be separate from other external and internal audits to avoid any conflict of interest. However, a company can schedule them alongside other audits so that the results can be included in its annual financial reports, giving stakeholders transparent communication.
SOX Software Solution
Implementing a software solution for managing compliance requirements enables monitoring of data, tracking of policies and their timelines, and recording of every user action. With evidence trails captured in the system, a proper investigation can be carried out in case of any fraudulent activity. A software solution that ensures SOX compliance protects data and the business and eases the SOX audit process carried out annually.
VComply helps the organization track SOX controls on a single platform with real-time tracking and detailed analysis.