The Sarbanes-Oxley Act (SOX Act) is a United States federal law created in 2002 in response to accounting crises at numerous significant firms, including Enron and WorldCom. The law aims to increase the accuracy and dependability of publicly traded corporations’ financial reporting.
The SOX Act has come under fire for the costs businesses must incur to comply with its strict regulatory standards. However, advocates believe it has helped restore investor trust in financial markets, as SOX establishes new and improved standards for public corporations and accounting firms, including obligations for the following:
- Corporate governance: According to the act, firms must have an independent board of directors and audit committees comprised of independent directors.
- Financial reporting: Under the act, corporations must disclose financial information promptly and correctly, and top executives must certify financial reports’ accuracy.
- Internal controls: Under the act, firms must develop and maintain internal controls over financial reporting, and auditors must certify the effectiveness of those controls.
- Protections for whistleblowers: The act protects employees who disclose suspected fraud or other violations of securities laws.
The SOX Act also created the Public Company Accounting Oversight Board (PCAOB) to oversee public company audits, and it imposes criminal penalties for specific misbehavior by business executives and directors.
Information Technologies’ Role In Compliance With SOX
Information technology (IT) is critical for complying with the Sarbanes-Oxley Act (SOX) because it supports financial reporting accuracy and reliability requirements, internal controls, and whistleblower protections.
The following describes the role of IT in those specific aspects:
- Financial Reporting
A company’s chief executive and financial officers are ultimately responsible for the accuracy of financial reporting and the internal controls of the accounting systems. The role of IT is to automate processes, ensure data accuracy, and provide timely reports using these systems.
IT systems can manage and report financial information, including general ledger, accounts receivable, accounts payable, and payroll systems. An audit report must be written so that auditors and executives are kept up to date.
- Internal Controls
To comply with SOX, IT is responsible for providing real-time reporting on internal controls. IT systems can support the design and implementation of internal controls over financial reporting. For example, IT can help ensure the accuracy and completeness of data, prevent unauthorized access to systems and data, and provide an audit trail of transactions.
- Whistleblower Protections
IT systems can be used to set up anonymous reporting channels and protect the identities of whistleblowers. IT controls can also help guarantee that reports are correctly examined and addressed.
- Data Retention And Retrieval
IT systems can help to keep financial records and electronic communications. All physical and electronic communications and financial records must be kept for at least five years and made available to external auditors. This includes archiving emails, instant messages, and other electronic interactions that may be significant to financial reporting.
The IT staff protects these records through internal automatic backup processes and ensures that document management systems function correctly. In addition to limiting access to these documents, IT professionals are responsible for monitoring their availability when moving from archaic tape-based systems to cloud backups.
- Audit Support
IT systems can help external auditors by providing access to financial data and associated paperwork. They also automate audit testing methods.
To summarize, IT is important in SOX compliance because it ensures the accuracy of audit reports. Companies must ensure that their IT systems and controls are correctly developed, implemented, and maintained to enable SOX compliance.
- Real-time Disclosures From Issuers
SOX compliance requires prompt disclosure of material information about a public company’s financial performance. In the event of a merger, acquisition, bankruptcy, the dissolution of a major supplier, or a debilitating data breach, a business must immediately notify its stakeholders and the general public.
A company’s IT department must provide SOX compliance software with alert mechanisms for events that may trigger this timely disclosure requirement, along with systems that alert shareholders and regulators to any changes in financial statements.
IT is critical in assisting an organization’s journey toward SOX compliance. Companies should understand corporate governance, carry out proper documentation and evaluation, identify and document their IT controls, evaluate their effectiveness, and continuously monitor them. All of these help provide corporate accountability for financial reporting and real-time disclosures from issuers.
This necessitates a considerable investment of time and money, as well as specific knowledge of IT and internal controls. Companies may employ IT tools and software to automate operations and streamline documentation and testing methods to achieve SOX compliance.
Finally, effective IT utilization can assist businesses in achieving and maintaining SOX compliance and improve the accuracy and reliability of their financial reporting.