The Sarbanes-Oxley Act
The Sarbanes-Oxley Act was adopted as law to ensure that investors have reliable data on which to base their financial decisions. The law was, in large part, a result of the accounting scandals that took place around the turn of the century within publicly traded organizations such as Enron, Tyco International, Adelphia, and WorldCom. These scandals cost investors billions of dollars and resulted in a widespread loss of confidence in American securities. To remedy this loss of confidence, the United States Congress took swift measures in a bipartisan, co-sponsored bill that amended the processes by which publicly traded companies report revenue. The bill is named after its co-sponsors, Senator Paul Sarbanes (D-MD) and Representative Michael G. Oxley (R-OH), and was signed into law by President George W. Bush on July 30, 2002.
SOX compliance is the observance of the protocols mandated by the Sarbanes-Oxley Act.
It was enacted because a few well-known publicly owned corporations were “cooking their books” in order to retain unjustifiably high stock prices, inflating the worth of their companies. By the time the fraud was realized, it was too late, and billions of investment dollars were lost.
With regard to technology, a SOX-compliant infrastructure means creating and maintaining a secure computing system that allows for the privacy and secure transfer of financial information directly to accountable parties (i.e., company officers). This infrastructure must meet the requirements of a third-party SOX auditor. These auditors are hired at the expense of the organization that requires the audit.
One of the variables that SOX auditors look for in a compliant IT infrastructure is whether the information is adequately protected – i.e., encrypted.