From Financial Reporting to Cyber Security: Expanding SOX Compliance

SOX, initially aimed at addressing corporate fraud and improving financial reporting accuracy, has expanded to include broader IT and cybersecurity concerns because of the vital role information systems play in financial reporting. From a cybersecurity perspective, the overarching theme is limiting access to financial data and to the systems that surround it. An important and sometimes overlooked result is that the effort also improves how organizations keep sensitive data safe from insider threats, cyberattacks, and data breaches.

WHITEPAPER

What’s Inside

The Sarbanes-Oxley Act of 2002 was enacted to protect investors and clients from fraudulent corporate practices, in response to a number of accounting and financial scandals. These scandals cost investors billions of dollars and shook public confidence in the US markets. The law applies to all US public company boards as well as public accounting firms.

  • What IT Systems are In Scope?
    Companies should perform an analysis to identify systems critical to financial reporting, prioritizing those with access to sensitive financial data, including common IT systems such as servers, workstations, and databases.
  • Section 302: CEO/CFO Certification
    Executives are required to certify the accuracy of financial reports and ensure that effective internal controls over financial data are in place. IT systems and cybersecurity protocols directly affect the trustworthiness of financial data, so organizations must ensure proper controls are operational across these systems and processes.