Sarbanes-Oxley is now 15 years old, but it continues to present challenges for public companies. We agree ‒ it’s very broad and it could be more straightforward. It’s no surprise you’re still unsure about the specific requirements that are applicable to your company or organization. Taking the time to understand how your business should comply with SOX is an obvious, yet crucial first step. Understanding its complex provisions is another challenge.
That’s why we put together this infographic, a sort of SOX 101, hoping it will help you grasp the essence and navigate the strict rules and regulations of this Act which irrevocably changed the way businesses should store and manage files.
A Brief History
At the very beginning of the 21st century, trust in the U.S. securities markets was heavily shaken by a number of major corporate scandals that cost investors billions of dollars on the stock market. These scandals mostly affected Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom.
To restore confidence in the market and provide a stable financial climate, the United States desperately needed to reform its business laws and practices. In 2002, as a response to such an alarming demand, the U.S. Congress created a federal law, the Sarbanes-Oxley Act, more commonly referred to as Sarbanes-Oxley, Sarbox, or simply SOX.
What’s it all about?
The law set revised and expanded requirements for all public company boards and accounting firms, with a number of provisions that also applied to privately held companies. The principal purpose of SOX was to oblige management boards to take individual responsibility for the accuracy of financial information and to impose more severe penalties for fraudulent activities, thus protecting the market from further corporate scandals and instabilities.
Acknowledging the same threats within their own markets, Canada, Germany, South Africa, France, Australia, India, Japan, Italy, Israel and Turkey subsequently enacted SOX-type regulations.
11 pillars of SOX
The Sarbanes-Oxley Act revolves around 11 major elements, covering everything from corporate board responsibilities to criminal penalties. In brief, these 11 elements cover:
1. Public Company Accounting Oversight Board (PCAOB)
This element asks for the creation of a central and independent oversight board within public accounting firms providing audit services (“auditors”).
2. Auditor Independence
The second element restricts auditing companies from providing non-audit services, such as consulting, to the same clients.
3. Corporate Responsibility
Title III imposes individual responsibility of senior executives for the accuracy of financial reports.
4. Enhanced Financial Disclosures
The fourth element asks for tighter internal controls to ensure timely reporting of any relevant changes in financial condition.
5. Analyst Conflicts of Interest
This element is focused on the conduct codes for securities analysts, requiring disclosures of any possible conflicts of interest.
6. Commission Resources and Authority
Title VI defines the authority to censure or bar professionals from practice and defines the conditions under which such actions can be taken.
7. Studies and Reports
This element deals with the effect of consolidation of public accounting firms, aiming to prevent the manipulation of earnings and masking of actual financial conditions.
8. Corporate and Criminal Fraud Accountability
Title VIII describes criminal penalties for manipulation, destruction or alteration of financial records or other interference with investigations, while providing protection for whistleblowers.
9. White Collar Crime Penalty Enhancement
This element treats failure to certify financial reports as a criminal offense.
10. Corporate Tax Returns
This element obliges the CEO of any company to sign the company tax return.
11. Corporate Fraud Accountability
Finally, the eleventh element recognizes corporate fraud and record tampering as serious criminal offenses and states the penalties for the offenders.
How to Handle the SOX Compliance with the Help of Email Archiving
What SOX aimed to bring to companies was, of course, greater market stability and higher security levels. However, in a practical sense, the Act forced companies to revise the way they handle their internal communication, guarantee sensitive data handling and provide transparent business operation. Naturally, in the years following the Act, the market showed a growing demand for SaaS (software as a service) products that would satisfy this complex regulatory compliance.
Among various options, Email Archiving emerged as the optimal solution that can help companies meet the needs of the SOX Act.
Why is that so?
Email Archiving Benefits
1. Simplification of the eDiscovery process ‒ crucial for the provision of timely financial reports by company directors and internal auditors.
2. Data storage centralization ‒ removes the risk of relying on external servers and software solutions.
3. Custom-made optimization for employees ‒ with respect to the SOX elements related to the individual responsibilities of relevant company members.
4. Simple and safe Restore functions ‒ provide data safety and easy backup & recovery processes in cases of technical issues.
5. Transparent communication ‒ supported by easy data tracking, indexing and archiving, equally important for legal discovery and prevention of data manipulation.
Failing to comply with the Sarbanes-Oxley Act can bring a range of severe consequences for any financial business, from higher risks of financial misstatements and operational and financial sanctions and penalties to major negative capital market reactions. With a simple software tool, both responsible individuals and companies as a whole can achieve SOX regulatory compliance. To learn more about the benefits of Email Archiving, contact Jatheon.