Sarbanes Oxley Act of 2002 (Sox)
The Sarbanes-Oxley Act of 2002 was enacted to improve
corporate governance, restore investor confidence and promote ethical
business practices.
Senior executives of any publicly-traded company
must now attest to their company’s internal controls and certify
the accuracy of their financial statements. Information security
has become a critical element in complying with this legislation
and without proper security measures in place, it is virtually impossible
for CEOs and CFOs to sign off on their books with confidence.
Specific sections of SOX are especially pertinent to securing an IT infrastructure:
- §302 – requires strong data controls that use integrity controls to prevent unauthorized modification of data
- §404 – calls for effective access control software and policies to prevent employees and other individuals from gaining unauthorized access to data not intended for them
- §409 – requirements are tied to data quality, such as timeliness and accessibility
Sarbanes-Oxley was motivated by the never-ending
waves of corporate financial scandals (Enron, Arthur Andersen, WorldCom,
etc.) and is named after the two sponsoring congressmen, Senator
Paul Sarbanes and Representative Michael Oxley.
The most important provisions of Sarbanes-Oxley include:
- Accelerated reporting of trades by insiders
- Public reporting of CEO and CFO compensation and profits
- Auditor independence and a prohibition on audit firms offering value-added (read "conflict of interest") services
- Companies are now required to have an internal audit function, which must be certified by external auditors
- Certification of financial reports by CEOs and CFOs
Converting Financial Controls into Calculated Gains
BII Compliance services are designed to address enterprise-wide
Sarbanes-Oxley compliance requirements and transform them into competitive
advantage.
Companies can better manage risks and create a solid financial management
environment with SOX compliance to strengthen their internal controls
structure.
BII Methodology for Sarbanes-Oxley Compliance:
- Internal Controls Analysis – An initial study of the existing internal controls that documents financial controls activities throughout the compliance cycle.
- Strategy – A step-by-step action plan that addresses the key challenges of on-going compliance, resource planning, project schedules and cost estimates.
- Internal Controls Documentation – An important activity that details the business processes, reviews the overall effectiveness of the financial control environment and defines risk management procedures.
- Testing – Enabling organisations to test run all possible identified controls to ensure effectiveness of controls and enable management to take corrective measures.
- Implementation – A comprehensive process of implementing tested internal controls and systems.
- Tools for Remediation – If any omissions or flaws are discovered while testing financial controls, BII will introduce patch solutions/applications such as alert management tools.
- Reporting and Management – Recording a complete scenario of compliance evidence on internal controls application, and seeking consent across the enterprise on approach, methodology and implementation of the project.
Please contact us for more information on Sarbanes Oxley Consultancy, Solutions and training.