Are there holes in your SOX? (Sarbanes-Oxley compliance for public and private companies)

Summary:

Enron’s illicit transgressions and others like them in the late 1990s led to the creation of regulations to standardize the reliability of financial institutions and public companies. Companies facing SOX compliance will need to consider the following: What are best-practice processes, how do these processes differ from existing practices, how should new processes be implemented, and how can short-term processes be balanced with “longer term strategic goals”?

– – – – – – – – –

A world before SOX:

The corporate world had a rude awakening after a series of well-publicized corporate financial scandals. Many stories of embezzled corporate dollars emerged in the late 1990s involving companies like Enron, Tyco, and WorldCom. Legislation soon followed in response to the multitude of serious transgressions committed by the top management of the business world.

The offenses committed by these industry bosses ranged from extravagant multi-million dollar trips to exotic locales and large private gifts to spouses to shuffling company funds to fund other investments. The corporate world needed to be held accountable for its misdeeds. SOX (the Sarbanes-Oxley Act), or the Public Company Accounting Reform and Investor Protection Act of 2002, came into being to improve corporate governance and help control possible future misdeeds.

The 2002 Sarbanes-Oxley Act requires publicly traded entities to define, evaluate and document the processes that lead to senior management accountability. SOX requires that substantial audits or verification controls be in place to ensure that top management is held accountable for its financial actions.

Why should private companies care about SOX?

While SOX applies directly to publicly traded companies, private companies wishing to do business with companies listed on exchanges such as the NASDAQ must also comply with Sarbanes-Oxley.

Many large public corporations will simply refuse to do business with private companies that do not comply with SOX. Private companies that want to do business with large public entities are now also involved in a SOX-compliant landscape.

SOX affects a wide range of industries that “touch” information from publicly traded companies, including, but not limited to, the following:

  • Lawyers
  • Accountants and audit firms who review the financial statements of the company
  • Brokers or distributors and their employees
  • Security companies that handle electronic transactions
  • International companies operating in the United States

Acceptance of SOX by private companies is not a problem, as “73% of CEOs of private companies said that SOX has done at least a decent job to improve financial governance and transparency for public companies” (1).

Who is responsible for compliance with SOX communications?

SOX requires that incoming and outgoing correspondence be controlled. Depending on the structure of the company, communication exchanges may be overseen by Chief Compliance Officers (CCOs), Chief Information Officers (CIOs), and Chief Risk Officers (CROs). These executives are responsible for the security, accuracy, and reliability of the organization’s messaging and reporting systems.

Personal care organizations have policies set by their senior officials that describe what information may or may not be communicated outside of a department and outside of the organization. While these rules exist, companies often do not take the necessary steps to ensure that employees within the organization understand these rules and their importance.

What are the key elements of SOX related to electronic data storage and email security?

  • SOX Section 404: Spreadsheets and financial reports must be protected against accidental or deliberate falsification or redistribution.
  • SOX Section 409: Real-time disclosure: material affecting company finances must be reported within 48 hours.
  • SOX Section 802: Ensures that documents and records are not tampered with.
  • SOX Section 1102: Corrupting, tampering with, mutilating, destroying or concealing records is a violation. Those guilty of obstructing an investigation or official proceeding will face 20 years in prison and fines.

The Sarbanes-Oxley Act focuses on the corporate governance, liability, and reporting practices of publicly traded companies. However, the law also affects private companies that could one day go public and those that do business with publicly traded companies.

What are the holes in your SOX compliance?

While sharing information online is a convenient e-commerce luxury, it also creates great vulnerability as information, data, and correspondence are exchanged from business to business. Email and data sharing can raise privacy and SOX compliance issues.

This erratic misuse of company information is not unique to US companies. Staff at 18% of large UK companies gained unauthorized access to information during 2005, according to the report. Nine percent of these large companies saw their staff misuse restricted information (2).

How can your company sew its SOX holes?

Executive management seeking to comply with SOX must have the strength and commitment to strategic planning and execution of the directives of the Sarbanes-Oxley Act. The CEO, CFO, CCO / CRO and CIO of the company must cooperate and have exacting attention to detail when establishing policies to comply with SOX. The need to create and implement strong email and electronic data retention policies and online compliance with SOX has never been greater than in today’s fast-changing world of electronic business.

Email is not necessarily secure against interception. Whether or not the email is encrypted in transmission depends on your software. Therefore, our policy is not to send you emails that contain identifiable information about you, your home, or your business.

Andy Purdy, Acting Director of the Department of Homeland Security’s National Cyber Security Division, in a 2006 interview with CNET, identifies the importance of protecting a company’s important digital assets:


“Small and large businesses and government are important when it comes to reducing cyber risk. We are trying to educate partners on responsibility and the techniques that consumers can use to help protect their systems …”(3)

Before Sarbanes-Oxley, corporations saw gross abuse of executive power at the cost of serious business growth. Today, severe criminal and civil penalties will be imposed for violations of the securities law against companies that do not comply with SOX standards.

How can private companies thrive in today’s email connection arena, while still being SOX compliant? Introducing strong compliance policies in line with SOX, including firewalls, up-to-date virus protection, encryption, and email anti-theft measures, can help a company work cooperatively with publicly traded companies.

Benefits of email anti-theft software

Implementing email anti-theft measures allows a company to grow in credibility, reputation and trust, all factors that lead to an increase in clientele and income.

With security measures to maintain business correspondence and protect outgoing email, SMBs can be prudent with their technology budgets and well-armed with the tools and resources necessary to comply with the industry. Customers will feel more secure sharing their personal information with compliant SMB offices, paving the way for better and more secure communication.

– – – – – – – – – – –

Endnotes:

1.) Rob Preston, InformationWeek, “Time to Regulate Regulations,” Feb. 27, 2006, pg. 78.

2.) BBC News, “Business Lax in Safeguards Against Identity Theft,” March 16, 2006, BBC Online; URL: http://news.bbc.co.uk/2/hi/technology/4809262.stm

3.) Joris Evers, “Newsmaker: Locking down America’s Net defense,” February 16, 2006, CNET News.com; URL: http://news.com.com/Locking+down+Americas+Net+defenses+-+page+2/2008-7348_3-6040223-2.html?tag=st.num
