The Sarbanes-Oxley Act, also known as Sarbanes-Oxley, is known as the Public Company Accounting Reform and Investor Protection Act of 2002. It was co-sponsored by Senate Banking Committee Chairman Paul Sarbanes (R-Ky.) and House Financial Services Committee Chairman Mike Oxley (R-Iowa) and is also known as the Sarbanes-Oxley Act of 2002. The bill makes substantial changes to the U.S. Securities Act of 1933 and the Securities Exchange Act of 1934, and makes many new provisions in the areas of corporate governance, regulation of the accounting profession, and regulation of the securities markets.
The Sarbanes-Oxley Act provides compliance requirements for companies listed in the U.S., which makes listed companies have to consider controlling various risks including IT risks. Many domestic companies listed in the U.S. have begun to move, most notably the major telecom carriers that have invested heavily in people, money and materials.
1. There are many ways to simplify the biggest SOX hurdle:SOX404. for example. only testing internal controls. which if it fails can lead to material and punishable misstatements of financial data. You can save time and effort in the long run by filtering out this subset of controls. Create a flowchart of your organization's processes, procedures, and related activities, and know where to place controls to avoid errors. Other key areas of work include communication, SOX requisites training, and internal control elements and education.
2. Review data governance and security protocols. In the case of big data-related projects being undertaken by the organization, a variety of data is coming into the database in large quantities, and communication with business units introduces new complexities of compliance.
3. Most SOX-controlled IT organizations use COBIT, ITIL, or other management approaches to ensure consistent practices. Review whether a document strategy, content management for big data, and new enterprise concepts have been established, as well as the use of automated records management and archiving tools.
4. All of this internal SOX audit preparation is a new it solution that is easier to protect through regulatory compliance management best practices (such as virtual desktops or cloud).
5. Don't forget Software as a Service (SaaS). Sensitive data often exists outside of these third-party SaaS applications, and auditors are modifying the offending data. If the organization relies on a SaaS provider, make sure they are compliant with SAS 70 reporting of SOX data.
6. The right auditor makes the process smoother. Choose a company with experience in the specific industry. Choose firms that are better known, unless there is a compelling reason to do so - such as being a compelling auditor at a small firm, or going to another firm together. An auditor will not be able to provide accounting services for your company, nor will they provide in-depth support for corrective action. Consult auditors, not salespeople and senior staff, in company evaluations. Know who is actually performing the audit.
7. There is nothing wrong with the audit inquiry and the auditor's approach. It will help IT organizations prepare for - and even run - Sarbanes-Oxley internal audits to avoid common mistakes.
8. In most IT organizations, compliance, management, and security all fail in the same place. This is good news. Because problem areas can be identified and fixed before the audit process begins.