Skip Navigation LinksHome > IT Consulting > SOX / HIPAA Compliance Consulting > Sarbanes-Oxley Compliance
IT Consulting Sarbanes-Oxley Compliance
IT Consulting News
 
» PlanetMagpie CEO Quoted on Mobile Trends in NY Times
» VoIP Could Replace Traditional Telephony - Broadband Finder
» 2010 Tax Relief Act Information for IT Purchases
  
 
WOOF!
From Our IT Consultants: What to Know Before You Write Your 2012 IT Budget
From Our W3 Team: PlanetMagpie's Annual Website Portfolio Edition (2012)
From Our Network Support Technicians: 10 Things to Know Before Moving to Office 365
 
PlanetMagpie's Complete IT Start-Up Services
 
Utilize the one-and-only company that can provide your new company with ALL of its IT, telecom, and web needs. We'll get you off the ground fast with the most reliable and extensible hardware and software systems. Micorosoft's cutting edge telecom solution (OCS) and an award-winning identity campaign and website. READ MORE »
»  DOWNLOAD DATASHEET
ASK MAGPIE!
Ask Magpie! Stolen Web Content
Magpie, WOOF!

Magpie, we think someone's stolen our web content & put it up on their site. What do we do? Report them! You can report stolen content under the DMCA. We have instructions here, and what you'll need to do to save your content. read more »

Click here to have your question answered

SOX 404 and PlanetMagpie's SOX Services

If you have a company that's gone public or will go public, the Sarbanes-Oxley Act affects you. Named after Senator Paul Sarbanes and Representative Michael G. Oxley, the act (officially titled the Public Company Accounting Reform and Investor Protection Act of 2002) became a law in July 2002 in response to the Enron scandal and other examples of unethical behavior in the business community.

The act imposes strict financial reporting requirements on publicly traded companies, holding them to a new level of accountability. Those companies must implement, if not already in place, policies and controls that demonstrate to investors the use of best practices in managing financial systems as well as in protecting corporate data and access to that data

IT systems are the tool with which companies manage financial systems. That means, given the law, systems are to be audited and companies must remediate issues to meet the spirit of the law. Checking compliance usually falls to third party auditors from well-established accounting firms.

302, 404 and 409: Numbers that Will Impact Your Business

The Sarbanes-Oxley Act features numerous sections; however, three of them—302, 404 and 409—offer the greatest potential impact on companies and how the companies conduct business.

Section 404 requires an Internal Control Report to be included in all annual financial reports. Created by a company's auditor, the document must present management's assertions about the design and operational effectiveness of internal controls at year end. Management must also evaluate the effectiveness of internal controls over financial reporting and disclosure controls on a quarterly basis.

With Section 302, the CEO and CFO of a company are responsible for the accuracy, documentation and submission of financial reports and internal control structure to the SEC. Certifications signed by those two principal officers must be included in the annual or quarterly reports.

Information must be accumulated and summarized for timely assessment and disclosure in accordance to the SEC's rules and regulations. When Section 404 compliance is required in about a year, companies must be able to disclose on a near real-time basis—up to 48 hours—any changes in their financial condition or operations.

Section 404 and IT

In general, Section 404 is the tallest mountain to climb, with key areas regarding IT controls:
  • Change Management
    Companies must provide visibility over changes in the IT environment and enable the ability to initiate, authorize, manage and implement all IT changes through a systematic change process.
  • Backup
    A process must be deployed to identify critical data and to duplicate, store and recover data as needed.
  • Security
    A process must be deployed to ensure the integrity of information and secure applications, databases, operating systems, internal network access and perimeter network.
  • Documentation
    Companies must deliver thorough documentation to cover change management, back up and security policies and processes.
  • Remediation
    Companies must have solutions to fill gaps in change management, backup and security.
>> Read our FAQs about Sarbanes-Oxley Compliance here.

>> Contact PlanetMagpie
Real Time Analytics