Accountants must ensure that their IT infrastructures are SOX compliance if they want to pass the required third-party audit.
Accountants who work with publicly owned companies should be familiar with the Sarbanes-Oxley Act (SOX). In light of the financial scandals of the late 1990s and early 2000s, this law is designed to ensure that investors have access to the reliable data that they need to make informed financial decisions. In today’s digitally driven world, accountants working with publicly owned companies must ensure that their IT infrastructure is SOX-compliant if they want to avoid hefty fines.
How Does SOX Influence Accounting IT Best Practices?
For accountants working with publicly owned companies, ensuring that their chosen IT infrastructure meets SOX regulations is a must. SOX significantly changes the way that accountants are required to present data to the boards of publicly traded companies. The Act places emphasis on the use of approved IT to assist in the publication and presentation of financial information. Among other components, SOX requires the use of dynamic reporting requirements, including:
- The proper oversight of data;
- Off-balance-sheet transactions;
- Pro-forma figures; and
- Stock transactions of corporate officers.
In short, SOX provides the foundational guidelines needed for the proper use of IT to deliver financial data oversight for publicly owned companies.
What Does It Mean To Be SOX Compliant?
SOX compliance will require accountants to meet a certain number of regulations, including:
- Reporting all numbers to the Securities Exchange Commission (SEC);
- Actively working to reduce “corporate scandals,” by reporting the correct financial data to public boards;
- The proper use of IT to avoid “cooking the books” and for use in the justification of stock prices or company worth;
- The creation and proper maintenance of a secure computing system;
- Correct use of privacy protocols within the computing system to securely transfer financial information directly to the accountable parties, such as the company officers; and
- The use of a computing system that meets the requirements of a SOX third-party auditor.
In preparation for a third-party audit, accountants will need to ensure that their IT infrastructure complies with a number of conditions. To begin with, the IT framework must be physically secure, while also using an identity-based security system. The IT structure, or database, must also meet the confidentiality requirements of SOX Article 404. A firewall should also be used to protect the servers and their data from cyber threats. Besides, the server data should be encrypted to mitigate the risks associated with a cyber theft.
Only individuals who have the right credentials should be able to access the financial data. In this vein, there shouldn’t be a weak link that allows a person to access data outside of their clearance level. Also, services should be isolated to ensure that a compromised service can’t successfully compromise another service or component of the IT infrastructure.
The moral of the story is clear, accountants working with publicly owned companies must take the time needed to ensure SOX compliance or suffer the consequences of a SOX violation. If you want to avoid the risk of a failed SOX third-party audit, contact CTC Networks located in Nashville, Franklin and Middle Tennessee via firstname.lastname@example.org or (615) 550-0020. Prepare your IT infrastructure, resolve potential security threats, and remain SOX compliant today.