Keeping IT Secure and Complying with SOX

As public companies scramble to meet the many layers of requirements contained in the Sarbanes-Oxley Act, information security is getting serious attention.

The Public Company Accounting Oversight Board (PCAOB) requires that companies and their auditors maintain audit records for seven years. SOX carries heavy penalties for companies that destroy, alter or falsify business records, which include e-mail and instant messages. Section 802, for example, calls for fines of up to $1 million and prison terms of up to 20 years “for knowingly deleting an e-mail with the intent to impede, obstruct or influence a current or future federal investigation.”

Security Computing magazine reports that companies are mulling a “delete everything” policy when it comes to e-mail, or an approach that allows some e-mails to be deleted while others are saved.

Some experts are advising companies to save nearly all e-mail as a business record to protect against both federal audits and lawsuits. Many are using a third-party service that can store and retrieve the communications when needed, the magazine reported.

According to the Sarbanes-Oxley Compliance Journal, consistent security controls are needed not only to meet the SOX requirements, but to ensure that IT systems are working properly and are monitored for security violations.

While many organizations are starting to put well-documented IT security policies in place, many are not there yet, instead going through the time-consuming process of gathering the information needed. Some companies are automating IT controls, keeping in mind that controls must be “reasonable, enforceable and auditable,” the SOX Journal reported.

SecurityFocus columnist Mark Rasch wrote in The Register, the UK's biggest technology website, “The better reason to have good controls over IT and IT security, however, is not because it will make you SOX compliant - but because it will make your business more efficient, enable you to better utilize your data, and allow you to trust ALL the data, not just financial reporting data.”
