SOX 404

Avoid SOX 404 Infractions

Section 404: The most complicated, most contested and most expensive section of SOX

Sarbanes-Oxley Act (SOX)

The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation passed by the U.S. Congress to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise, as well as to improve the accuracy of corporate disclosures.

SOX Section 404

SOX Compliance Audit


A SOX compliance audit of a company’s internal controls takes place once a year. An independent auditor must conduct SOX audits. It is the company’s responsibility to find and hire an auditor. To avoid a conflict of interest, SOX audits must be separate from other internal audits undertaken by the company. A SOX audit must involve a review of the company’s financials. Auditors must inspect previous financial statements to confirm their accuracy. It is ultimately at the auditor’s discretion whether a company’s financials pass. Any variance in the numbers of more than 5% is likely to set off red flags.

Sarbanes-Oxley (SOX) 

All public companies now must comply with SOX, in terms of both finances and IT.

  1.   RULES REQUIRED – The Commission shall prescribe rules requiring each annual report required under the Securities Exchange Act to contain an internal control report, which shall—
    •   State the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting;
    •   Contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.
  2.   INTERNAL CONTROL EVALUATION AND REPORTING – With respect to the internal control assessment, each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement.

Who Is Affected?

SOX is applicable to:

–  All publicly held American companies
–  Any international companies that have registered equity or debt securities with the U.S. Securities and Exchange Commission (SEC)
–  Any accounting firm or other third party that provides financial services to either of the above


Formal penalties for noncompliance with SOX can include fines, removal from listings on public stock exchanges, and invalidation of D&O insurance policies. Under the act, CEOs and CFOs who willfully submit an incorrect certification to a SOX compliance audit can face fines of $5 million and up to 20 years in jail.

How Can CompCiti Help?

CompCiti Security Auditors helps businesses to comply with SOX requirements to avoid the risks and penalties by reviewing:

  • IT security policies
  • Access Controls
  • Data Backups
  • Change Management process

About CompCiti

CompCiti Business Solutions, Inc. provides clients what few other IT companies in New York can: expertise and insights developed since business networking began. CompCiti’s focus on cybersecurity and cyber management services sets it above other business network services. CompCiti secures networks and other IT systems against all cyber threats including viruses, hackers, and ransomware. Cybersecurity, networking, and managed IT services, all supported by 24/7 emergency service since 1996.

Contact CompCiti today for a free needs assessment. We’ll explain to you what you need to do for full DFS compliance and how we can help you every step of the way.