Sarbanes Oxley (SOX) compliance
The Sarbanes Oxley Act
The Sarbanes Oxley Act, also known as the Public Company Accounting Reform and Investor Protection Act of 2002
and commonly called SOX, was signed in July 2002 following a series of high-profile scandals,
for example Enron and Tyco International.
The purpose of SOX is to protect stock owners by improving the accuracy and reliability of corporate information made public.
Sarbanes Oxley (SOX) imposes severe penalties for non-compliant officers or companies.
Who is affected by Sarbanes Oxley (SOX)?
Companies that are publicly traded in the United States are subject to Sarbanes Oxley or SOX, including all their divisions and
wholly owned subsidiaries. Also affected are any non-U.S. public multinational companies doing business in the USA.
Any private firm may wish to comply with the SOX financial framework requirements in preparation for an
initial public offering (IPO), for private funding, or for achieving a "best practices" benchmark. However, this is not mandatory.
The financial reporting processes of almost all organizations are driven by IT systems.
CIOs (chief information officers) are responsible for compliance, meaning the accuracy, security and reliability of the systems that manage and
report the financial data.
The SEC (the Securities and Exchange Commission) identifies the COSO (Committee of Sponsoring Organizations of the
Treadway Commission) framework by name as a methodology for
achieving SOX compliance. The COSO framework defines five areas which, when implemented, can help support
the compliance requirements set forth in the Sarbanes Oxley legislation.
These five areas, and Special Operations Software's interpretation of their impact on the IT department, are as follows:
Risk Assessment.
For Sarbanes Oxley compliance, IT Management must understand the security risks in their network.
Systems and information need to be properly protected.
Specops Password Policy will be your password policy
enforcer and help you get a more secure Windows environment, and thus prevent the wrong persons from accessing critical
information.
Control Environment.
For Sarbanes Oxley compliance, deployment teams need to better understand the entire software deployment (design-quality assurance-information gathering-deployment)
lifecycle in order to reach a more controlled environment.
Specops Deploy will help you with all your deployment issues while
Specops Inventory will help with quality assurance and information gathering.
Control Activities.
For Sarbanes Oxley compliance, document your business processes, system usage rules and create audit trails, especially for all systems
working with financial information.
Specops Inventory will help in constantly gathering
information from all desktops and servers in your network, making it easier to comply with this control.
Monitoring.
For Sarbanes Oxley compliance, the high-risk areas within the IT organization need to be constantly audited, both by IT employees and external personnel. IT Management is responsible
for understanding the outcome of each audit.
Specops Inventory will help you always have accurate information gathered from all desktops and servers in the network, making you always ready for an audit.
Information and Communication.
For Sarbanes Oxley compliance, IT Management needs accurate timely information in order to identify and address areas of risk.
IT Management should constantly inform company management of what needs to be done.
Use Specops Inventory for information gathering and flexible reporting and
Active Directory Janitor for having clean and accurate information in your Active Directory.