
Your Guide to become SOX Compliant

The year 2002 redefined the compliance management landscape in the United States with the passage of the Sarbanes-Oxley Act (SOX). The events leading to the Act were serious, high-stakes financial scandals at WorldCom, Enron, and Tyco, among others. The Act is seen as protecting shareholders and the general public from business accounting errors and fraudulent activities. It was designed to improve the accountability and transparency of corporate disclosure, thereby improving corporate governance across the organization.

With the SOX Act, all public companies now have to comply on both the financial and the IT side. SOX has also changed how IT stores data, with the Act defining which records need to be stored and for how long. Complying with SOX requires businesses to save all data records, including but not limited to electronic records and messages, for “not less than five years.” Non-compliance with SOX leads to fines, imprisonment, or both.

Electronic Record Management Rules

The IT department is responsible for creating and maintaining corporate records, and it should comply with the Act in a cost-effective way. According to Sec 802 of the SOX Act, Criminal Penalties for Altering Documents, anyone involved in the destruction, alteration, or falsification of records faces hefty fines, imprisonment of not more than 20 years, or both. The second rule under Sec 802 defines the retention period for stored data. Some generally accepted retention periods under SOX are listed below.

The third rule under Sec 802 of the SOX Act defines the business records and communications, including electronic communications, that need to be stored.

SOX Compliance Controls

Put security controls in place to ensure the safety and accuracy of data. Data governance and SOX compliance overlap significantly, as both work toward the safety and accuracy of data within the organization. Data mapping and classification tools help track where data resides and how it is used.

SOX Compliance Audits

An independent auditor conducts SOX audits on an annual basis. SOX audits have to be separate from other external and internal audits to avoid any conflict of interest. However, a company can time them alongside its other audits so that the results can be included in its annual financial reports, keeping communication with its stakeholders transparent.

SOX Software Solution

Implementing a software solution for managing compliance requirements would monitor data, track policies and their timelines, and record every user action. With evidence trails captured in the system, it would ensure a proper investigation in case of any fraudulent activity. Implementing a software solution that ensures SOX compliance would protect data and the business and ease the annual SOX audit process.

VComply helps organizations track SOX controls on a single platform with real-time tracking and detailed analysis.


The post Your Guide to become SOX Compliant appeared first on The Compliance Blog - Compliance. Simplified..


