|
New IT requirements have emerged as a result of government regulations and increasing overall scrutiny.
The Sarbanes-Oxley Act of 2002 formalizes corporate accountability for complete and accurate financial reporting and disclosure of internal business controls and processes. All public companies — and many private
organizations — are affected by these regulations. Even international organizations that are simply partnering with firms listing in the U.S. may have requirements to comply with.
Sarbanes-Oxley and similar acts introduced by the U.S. Securities and Exchange Commission are based on three core mandates:
- Record Retention and Retrieval
- Auditable Processes
- Real-Time Reporting
Record Retention and Retrieval
Section 103 of the Sarbanes-Oxley Act specifically states that all relevant audit-related documentation must be retained "for a period of not less than 7 years". IT departments must implement data storage solutions to preserve data assets: audit work papers, communications, contracts, policies, authorizations, verifications, recommendations, performance reviews and financial data.
Auditable Processes
Sarbanes-Oxley Section 302 calls for principal executive and financial officers to personally certify financial reports. The inability to face challenges such as employee training and compliance can put officers at risk of fines and imprisonment. With advanced knowledge-base solutions, internal audit processes and compliance guidelines can be documented, stored and easily disseminated throughout the enterprise.
Real-Time Reporting
SOX Sections 408 and 409 call for real-time disclosure of all financial data on a "rapid and current basis". When auditors and compliance officers request specific information for their research, IT departments are expected to provide complete and relevant data within aggressive deadlines.
Download the Sarbanes-Oxley Act (pdf)
|
