The Sarbanes-Oxley (SOX) Act of 2002
In light of the massive financial fiascos at companies such as Enron and WorldCom (and many more),
and the loss of investor confidence that ensued, the US Government implemented the Sarbanes-Oxley Act (SOX) in 2002.
Their company records were audited to present proof that the records and financial statements were a
"true and accurate" reflection of the companies' financial status. In reality, the companies were
nothing like the picture they painted. Investors, business partners and, worse yet, employees were
on a runaway train, while senior management was living high.
Due to the misrepresentation of records, SOX came into being. The act would require not just financial
proof that the records were accurate, but demanded that the CEO and CFO be held accountable and liable
for any misconduct under their watch. This shook businesses to the core. For once, someone was
going to pay for misconduct, whether their own, as with Enron, or that of ill-intentioned employees below them.
SOX called for ALL business records, not just financial ones like receipts but also
communication records and electronic messages such as memos, emails, notices and reports, to be
retained, and proven to be unchanged, for a minimum of five years. This sent IT departments
into a spin trying to meet the new demands, which senior management wanted met instantly. It was
their neck on the block, to coin a phrase. For once, IT and financial management had a common focus.
To shed further light on the subject, let us look at the rules of SOX:
Sec. 802(a) - "Whoever knowingly alters, destroys, mutilates,
conceals, covers up, falsifies, or makes a false entry in any record, document,
or tangible object with the intent to impede, obstruct, or influence the investigation
or proper administration of any matter within the jurisdiction of any department
or agency of the United States or any case filed under title 11, or in relation
to or contemplation of any such matter or case, shall be fined under this title,
imprisoned not more than 20 years, or both."
Sec. 802(a)(1) - "Any accountant who conducts an audit of an
issuer of securities to which section 10A(a) of the Securities Exchange Act of
1934 (15 U.S.C 78j-1(a)) applies, shall maintain all audit or review work papers
for a period of 5 years from the end of the fiscal period in which the audit or
review was concluded."
Sec. 802(a)(2) - "The Securities and Exchange Commission shall
promulgate, within 180 days, such rules and regulations, as are reasonably
necessary, relating to the retention of relevant records such as work papers,
documents that form the basis of an audit or review, memoranda, correspondence,
communications, other documents, and records (including electronic records) which
are created, sent, or received in connection with an audit or review and contain
conclusions, opinions, analyses, or financial data relating to such an audit or review."
SOX is implemented with full force and holds senior management accountable.
Don't become a needless victim. Let an outside security organization investigate you before the SEC intervenes!