Keeping IT Secure and Complying with SOX

As public companies scramble to meet the many layers of requirements contained in the Sarbanes-Oxley Act, information security is getting serious attention.

The Public Company Accounting Oversight Board (PCAOB) requires companies and their auditors to maintain audit records for seven years. SOX carries heavy penalties for companies that destroy, alter or falsify business records, which include e-mail and instant messages. Section 802, for example, calls for fines of up to $1 million and prison terms of up to 20 years “for knowingly deleting an e-mail with the intent to impede, obstruct or influence a current or future federal investigation.”

Security Computing magazine reports that companies are mulling a “delete everything” policy when it comes to e-mail, or an approach that allows some e-mails to be deleted while others are saved.

Some experts are advising companies to save nearly all e-mail as a business record to protect against both federal audits and lawsuits. Many are using a third-party service that can store and retrieve the communications when needed, the magazine reported.

According to the Sarbanes-Oxley Compliance Journal, consistent security controls are needed not only to meet the SOX requirements, but to ensure that IT systems are working properly and are monitored for security violations.

While many organizations are starting to put well-documented IT security policies in place, many are not there yet, instead going through the time-consuming process of gathering the information needed. Some companies are automating IT controls, keeping in mind that controls must be “reasonable, enforceable and auditable,” the SOX Journal reported.

SecurityFocus columnist Mark Rasch wrote in The Register, the UK's biggest technology website, “The better reason to have good controls over IT and IT security, however, is not because it will make you SOX compliant - but because it will make your business more efficient, enable you to better utilize your data, and allow you to trust ALL the data, not just financial reporting data.”
