The Sarbanes-Oxley Act of 2002 (SOX) is federal legislation enacted in response to the high-profile WorldCom and Enron financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. It mandates how corporate boards and executives must interact with each other and with corporate auditors. The act is administered by the Securities and Exchange Commission (SEC), which sets deadlines for compliance and publishes rules on requirements. Under Sarbanes-Oxley, CEOs and CFOs are accountable for their organization’s financial statements. SOX also specifies financial reporting responsibilities, including adherence to internal controls and procedures designed to ensure the validity of financial records.
Section 404 of SOX is particularly germane to corporate IT and IS professionals. This section details required internal controls over how financial data is collected, managed, and reported, including:
- Implementing controls that prevent misstatements on financial reports
- Assessing risk with regard to information management systems
- Implementing financial reporting controls to validate the accuracy and integrity of financial data
At Evans Resource Group, we have the specialized expertise, tools, and methodology that can help your organization meet SOX compliance requirements, including addressing a pervasive vulnerability that exists in your WebSphere BPIC network. That vulnerability, which is currently not being assessed using proper controls, results in administrative access control that could violate your SOX certification.
To learn more about our unique methodology and how it can help you address your SOX security and compliance requirements, contact us today at: info@evansrg.com