 
Sarbanes-Oxley Act - Security is more than an IT issue.
When Congress enacted the Sarbanes-Oxley Act of 2002, its goal was to crack down on corporate and accounting fraud by placing new requirements on executives, directors, auditors, attorneys and securities analysts. A key provision of the Sarbanes-Oxley Act, and one that raises the level of personal risk to executives, is Section 404. It requires each annual report to contain a statement of management's responsibility to establish and maintain an adequate internal control structure and procedures for financial reporting. It also calls for a self-assessment of risks for business processes that may affect financial reporting.

Since the integrity of financial information rests on controls within a company's IT domain, an infrastructure that supports enforceable policies and best practices is required to ensure compliance. But where does a company start? To avoid unnecessary costs, accelerate the time frame for readiness and provide a thorough accounting of your business risks, the first step should be to have an unbiased security review by an outside consulting firm.

A security assessment will define where your weaknesses are and what is required to comply with Section 404, and provide a plan to remediate deficiencies.

For information on NCX Group's Secure24 Comprehensive Security Review, please click here.
 
 Security Compliance - Sarbanes-Oxley Act
The Sarbanes-Oxley Act requires all publicly traded companies to document their internal accounting controls and attest to their accuracy. The Act centers on enhanced standards for corporate accountability, aimed at restoring corporate confidence after the highly publicized accounting scandals of major corporations.
Who is Affected?
All publicly traded companies.
What's Covered?
The bill protects investors and shareholders from executive fraud by requiring stricter standards for corporate accounting.

Key Dates - Section 404 new extended dates for compliance
November 15, 2004: Compliance for large publicly held companies
July 15, 2005: Compliance for smaller U.S. companies and foreign-owned companies

Penalties for non-compliance
Penalties differ depending on the section violated. Penalties range from fines to imprisonment of up to 20 years for anyone who alters, destroys or mutilates any record or document with the intent to impede an investigation.
What can you do?
Improving your network security is always cheaper than reacting to a security breach. Understanding and controlling the threats to your confidential financial information requires continuous risk management. Key aspects of mitigating these risks are:
Obtain regular independent information security evaluations.
Implement controls that assess information security risks.
Document and review information security processes.
Other Sarbanes-Oxley Resources
Sarbanes-Oxley bill summary and status
Final Act - PDF format
Section 404 - Internal Control Provisions defined by SEC

This information is provided as a service based on NCX Group's interpretation of the Sarbanes-Oxley Act of 2002. NCX Group, Inc. assumes no liability for any errors, omissions or misinterpretations arising from this information. Always consult an attorney for specific legal information.


© 2008 NCX Group, Inc.