SOX Compliance
The Background
The Sarbanes-Oxley Act, popularly known as SOX, is one of the most
important compliance requirements for publicly listed companies in
the US. It is governed by the PCAOB (Public Company Accounting
Oversight Board), an independent body that oversees SOX compliance.
SOX arrived in the wake of several scandals, such as Enron and
WorldCom, which rocked the business world and caused a great deal of
embarrassment for corporate America.
SOX was the brainchild of two US senators whose last names were
given to the Act. Their position was that shareholders and the
general public need to be able to reaffirm their faith in an
organization's financial statements. This meant establishing
accountability at the level of top management, since top management
had been intricately involved in the earlier scandals. SOX also gave
auditors the teeth to ensure that an organization's control
environment is adequate to support a "true and fair" view of its
financial statements. An auditor assessing an entity for SOX needs
to confirm that the environment in which the financials are prepared
is secure, that it has controls which can be relied on to preserve
the integrity of financial information, and that the financials are
not misstated. For the financial statements to present a "true and
fair" view, the internal controls in the environment where they are
processed must also be of sufficient quality for the auditor to rely
on them. Today, internal control revolves largely around information
technology, because most financial information is initiated,
processed and stored in applications and systems, so the internal
controls around those applications and systems become an important
consideration.
Why we45?
we45 offers a program for validating an organization's information
security for SOX compliance. Information security assurance can be
achieved as part of the assessment of an organization's internal
control. SOX compliance should be treated like any other security
compliance effort: it requires scoping the processes and
applications that affect financial information, performing a risk
assessment, testing the controls of those processes and
applications, and carrying out a gap analysis. This clearly involves
areas such as firewall management, application and network security
testing, secure application development, deployment and
configuration, network change management, logging, integrity
monitoring, patching, anti-virus, and the other IT security
requirements that follow from an effective risk assessment and
established best practices. we45 delivers comprehensive consulting
services that provide assurance over these information security
practices, which are an integral part of achieving SOX compliance.