RSM South Africa

What is SOX Compliance?

During a time when names like Enron, WorldCom, Arthur Andersen, and Tyco were making headlines in the news, Maryland Democratic Senator Paul Sarbanes and Ohio Republican Congressman Michael Garver Oxley were working feverishly to come up with the Sarbanes-Oxley Act of 2002 (SOX). SOX is legislation passed by the United States Congress that requires publicly held companies to undergo strict audits on financial information and internal controls. These audits do not necessarily mean a company is incorrect in its accounting processes. The act was passed on July 30, 2002, in the wake of the Enron, WorldCom, Tyco International and other high-profile corporate scandals.

SOX was designed with the goal of implementing accounting and disclosure requirements that increase transparency in corporate governance and financial reporting and formalise a system of internal checks and balances. SOX is applicable to:

  • All publicly held American companies
  • Any international companies that have registered equity or debt securities with the U.S. Securities and Exchange Commission (SEC)
  • Any accounting firm or other third party that provides financial services to either of the above

SOX Section 302 relates to a company’s financial reporting. The act requires a company’s CEO and CFO to certify that all records are complete and accurate.

SOX Section 404 stipulates further requirements for the monitoring and maintenance of internal controls related to the company’s accounting and financials. It requires businesses to have an annual audit of these controls performed by an outside firm. Section 404 of Sarbanes-Oxley requires a company’s senior management to assess the design, operating effectiveness and adequacy of internal controls over financial reporting. It compels management to issue an annual report that, in part, addresses any material weaknesses in the company’s internal controls. It also requires an external auditor to attest to management’s assertions.

To comply with SOX, an organisation needs to understand which sections of the act have clear implications for data management, reporting and security.

Itumeleng Magwedze

Risk Advisory Supervisor, Johannesburg
