PassGo.com
PassGo is now a part of Quest Software

The Sarbanes-Oxley Act

The Sarbanes-Oxley Act sets out new standards and penalties for corporate wrongdoing and strengthens existing standards. The Act comprises 11 titles which lay out auditor and corporate responsibilities, financial disclosure regulations, and penalties for white-collar crimes.

The following sections are of particular interest to IT Executives:

  • Section 302 may initially seem simple but is actually very complex. It requires corporate officers to attest to the accuracy of quarterly and annual reports including making representations about the strength of financial controls. This attestation removes any "I didn't know" defense for these officers as they must:
    • confirm that they have reviewed the report
    • confirm that it is true
    • confirm that it fairly represents the financial condition of the company and they know this to be true because:
      • they have accepted responsibility for internal controls over their financial processes
      • they have designed controls that ensure that material information reaches them
      • they have personally evaluated the effectiveness of these controls

  • Section 404 requires an annual assessment of the effectiveness of internal controls in financial reporting. To comply with Section 404 companies must:
    • assess whether their processes for working with financial data are established, documented, and structured to contain controls against risk.
    • do the same for information systems that manage financial data.
    • assess whether they have adequate security controls to ward off theft or corruption of data.
    • determine whether their employees' roles, responsibilities, access rights, and permissions could allow material fraud or misrepresentation of financial data.

  • Section 802 ensures the authenticity of records and records retention. To comply with Section 802 companies must not:
    • knowingly alter or destroy audit documents
    • knowingly conceal, cover up or falsify audit records
      Audit documents and records can be:
      • workpapers, documents that form the basis of an audit or review
      • memoranda, correspondence, communications, other documents, and records (including electronic records) which are created, sent, or received in connection with an audit or review

CEOs and CFOs must place a high degree of trust in the IT systems, staff, and processes that have a bearing on corporate financial data, as ultimately they are responsible for ensuring the stringency of internal controls.

