What is SOX?
In 2002, the United States Congress passed the Sarbanes-Oxley Act (SOX) to protect shareholders and the general public from accounting errors and deceptive practices in organizations, and to improve the accuracy of corporate disclosures. The act sets deadlines for compliance and publishes rules on requirements. Congressman Paul Sarbanes and Michael Oxley drafted the act with the objective of improving corporate governance and accountability, in light of the financial scandals that occurred at Enron, WorldCom, and Tyco, among others.
Who must comply with this law?
SOX compliance is applicable to:
- All publicly held U.S. organizations.
- Any international organization that has registered equity or debt securities with the U.S. Securities and Exchange Commission (SEC).
- Any accounting firm or other third party that provides financial services to either of the above.
What are the requirements for SOX?
The Sarbanes-Oxley Act of 2002 is a complex and lengthy piece of legislation. Five of its key provisions are commonly referred to by their section numbers: Section 302, Section 404, Section 802, Section 409, and Section 906.
- Section 302 – Corporate Responsibility for Financial Reports: Every public organization is required to file periodic financial reports with the SEC, and the CEO and the CFO must sign each report to indicate they have reviewed it and to certify that the report does not contain any untrue statements and does not omit any material information. In addition, the signers of the report are responsible for establishing and maintaining internal controls and must have validated those controls within 90 days prior to issuing the report.
- Section 404 – Management Assessment of Internal Controls: All yearly financial reports must include an Internal Control Report stating that management and auditors are responsible for internal controls and reporting methods to ensure the adequacy of those controls. Any weakness in these controls also must be reported. Some critics of the law have complained that the requirements in Section 404 can have a negative impact on publicly traded organizations because it's often expensive to establish and maintain the necessary internal controls.
- Section 802 – Criminal Penalties for Altering Documents: Anyone who intentionally alters, destroys, disfigures, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to hinder, obstruct, or impact the investigation or proper administration of issues before the SEC can be fined, imprisoned for no more than 20 years, or both.
- Section 409 – Real Time Issuer Disclosures: Organizations are required to reveal to the public in a timely manner any material changes in the financial condition or operations of the organization in the interest of protecting investors and the public.
- Section 906 – Corporate Responsibility for Financial Reports: The criminal penalty for certifying a misleading or fake financial report can be upwards of $5 million in fines and 20 years in prison.
What are the penalties for being non-compliant?
Formal penalties for being non-compliant with SOX can include fines, removal from listings on public stock exchanges and invalidation of D&O insurance policies. Under the Act, CEOs and CFOs who wilfully submit an incorrect certification to a SOX compliance audit can face fines of $5 million and up to 20 years in jail.
How does Nemasis help achieve SOX compliance?
SOX compliance is undoubtedly a complex topic, one that can demand a considerable investment of time and money from unprepared firms. That's where Nemasis comes in. We at Nemasis offer powerful security solutions that increase the effectiveness of your internal IT controls. Nemasis offers various solutions: an affordable and easy-to-deploy virtual appliance for log management and monitoring, a cloud-based security-as-a-service offering, and an enterprise-level solution.
Nemasis-VA is our enterprise-level solution for larger organizations working in distributed networks. All our SOX compliance software products are scalable to grow with your organization and come with built-in SOX templates that make passing an audit easy.