Overview
The Sarbanes-Oxley Act (Pub.L. 107–204, 116 Stat. 745, enacted July 30, 2002), also known as the "Public Company Accounting Reform and Investor Protection Act" (in the Senate) and the "Corporate and Auditing Accountability and Responsibility Act" (in the House), and more commonly called the Sarbanes-Oxley Act or SOX, is a United States Federal Law that set new or expanded requirements for all U.S. public company boards, management and public accounting firms.
A number of provisions of the Act also apply to privately held companies, for example the willful destruction of evidence to impede a Federal investigation.
Sarbanes-Oxley Act was created as a result of a series of corporate financial failures caused by illegal corporate activities hidden behind financial misstatements and fraud. The Act makes executives personally liable for both the accuracy of financial statements and a statement that mechanisms and practices underlying the financial report are trustworthy.
Sarbanes-Oxley Act requires effective Information Technology controls and processes for validating the integrity of annual financial reports.
In very basic terms, to prepare to meet SOX regulations, organizations should be able to answer the following questions confidently:
- Can you clearly state who all your users are?
- Do you know what they have access to?
- Can you show all the interactions among users, assets and applications?
- Do you have verifiable evidence that controls are working?
- Do you have verifiable evidence that you took appropriate action when a policy infraction occurred?
- Can you provide it in minutes rather than months?