The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation passed by the U.S. Congress to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and to improve the accuracy and reliability of corporate disclosures.
A SOX compliance audit of a company’s internal controls takes place once a year and must be conducted by an independent external auditor; it is the company’s responsibility (through its audit committee) to select and engage that auditor. To avoid a conflict of interest, the SOX audit must be kept separate from the company’s own internal audits. The audit must include a review of the company’s financials: the auditor inspects prior financial statements to confirm their accuracy, and whether the financials pass is ultimately at the auditor’s discretion. Any variance of more than 5% in the reported numbers is likely to raise a red flag.
All public companies must now comply with SOX, both in their financial reporting and in the IT systems and controls that support it (access control, change management and operations on the systems that feed financial reporting).
SEC. 404. MANAGEMENT ASSESSMENT OF INTERNAL CONTROLS.
SOX is applicable to
– All publicly held American companies
– Any international companies that have registered equity or debt securities with the U.S. Securities and Exchange Commission (SEC)
– Any accounting firm or other third party that provides financial services to either of the above
Formal penalties for noncompliance with SOX can include fines, delisting from public stock exchanges, and invalidation of directors’ and officers’ (D&O) insurance policies. Under the act, a CEO or CFO who willfully certifies a periodic financial report knowing that it does not meet the act’s requirements can face a fine of up to $5 million and up to 20 years in prison.
CompCiti Security Auditors helps businesses to comply with SOX requirements to avoid the risks and penalties by reviewing:
Contact CompCiti today for a free needs assessment. We’ll explain what you need to do for full SOX compliance and how we can help you every step of the way.