How to Survive SOX Compliance Updates
Financial scandals at Enron, WorldCom, Tyco and other businesses served as catalysts for laws to improve corporate governance and accountability. One such law, the Sarbanes-Oxley Act (SOX), was designed to protect shareholders and the general public from accounting errors and fraudulent practices, and to improve the accuracy of corporate disclosures. As a result, all public companies must comply with SOX on both the financial side and the IT side. However, with increasingly complex and often-changing laws and regulations, it can be difficult to dedicate the time required to ensure SOX compliance in all areas. Keep these tips in mind to stay compliant with SOX regulations.
Management of Electronic Records
To comply with SOX, IT departments need to create and maintain an archive of company records. Their methods must be both cost-effective and compliant with the legislation's requirements. For instance, there are rules and penalties regarding the destruction, alteration, or falsification of records. There is also a set retention period for storing records. Best practices include securely storing business records using the same guidelines as public accountants. Additionally, there are rules about the type of business records that must be stored, including communications and electronic communications. Your company must adhere to all of these rules to avoid penalties.
Having security controls in place helps your company remain SOX compliant. They ensure that your financial information is accurate and protected against loss. Implementing best practices and using appropriate tools helps you automate SOX compliance and reduce SOX management costs. For instance, data classification tools can automatically spot and classify data when it is created and apply consistent classification tags to it. Context-aware solutions can classify and tag cardholder and other financial data, social security numbers, and other regulated structured and unstructured data.
Data classification lets security teams monitor and enforce company policies for handling data. Data may need to be encrypted, compressed or saved to a different file format, depending on its sensitivity and applicable compliance regulations. Enforcing proper policies can safeguard shared data and prevent unauthorized users from viewing regulated data or copying it to removable storage devices.
An appropriate software solution should be used to demonstrate SOX compliance. Proper software can monitor data, enforce policies, and log every user action. Evidence trails will show that written controls are in place, communicated, and enforced.
Survive SOX Compliance With Help From Marco Management Solutions
Marco Management Solutions specializes in the placement of senior finance, accounting, program and project management professionals on a project, interim or consulting basis. As a division of Marco & Associates, Chicago’s leading accounting and finance recruiting and consulting boutique, we connect companies like yours with professional accounting and finance experts in all industries. Contact us today to see how we can fill your staffing needs.