ACHIEVING SOX COMPLIANCE WITH MANAGED SECURITY SERVICES
The Sarbanes-Oxley (SOX) Act, also known as the Public Company Accounting Reform and Investor Protection Act of 2002, establishes new standards for all U.S. public company boards, management, and public accounting firms. SOX requires that these companies implement financial reporting controls that ensure the accuracy of the financial information they provide to investors.
The Public Company Accounting Oversight Board (PCAOB), a new quasi-public agency established by SOX, is charged with overseeing, regulating, inspecting, and disciplining accounting firms in their roles as auditors of public companies. It also covers issues such as auditor independence, corporate governance, internal control assessment, and enhanced financial disclosure.
Within this context, Section 404 of the Sarbanes-Oxley Act states that on an annual basis, CEOs and CFOs must confirm that the company’s control environment is adequate to ensure the overall integrity of its financial information and that its environmental processes and procedures are adequately documented and effectively communicated. While this section fails to specify what IT needs to do to comply, the majority of auditors have adopted the Control Objectives for Information and related Technology (COBIT) framework, which is published by the IT Governance Institute.