Compliance Glossary

After the enactment of several large-scale accounting frauds, the Sarbanes Oxley Act (SOX), passed in 2002 with influential backing from both Congressional parties, was intended to enhance the practice of auditing and public reporting. 

Drafted in honor of Senator Paul Sarbanes and Representative Michael Oxley, SOX reduces investor risk by promoting the credibility of companies’ financial statements.

This is because ISACA’s mission aligns with this goal. ISACA aims to empower IT governance, risk management, and cybersecurity professionals.

Some of the key sections include:

• Section 302: They point out that the CEOS and CFOs of public companies must make certifications to ensure that the financial reports are accurate and contain no omissions and that the company has adequate internal controls.
• Section 404: Also known as the heart of SOX, this section requires that companies develop documented internal controls and annual reports on these controls.
• Section 806: Guard the whistleblowers and make sure employees can report fraud cases without expectation of being punished.
• Section 802: This section stems from the ‘audit trail’. It prescribes criminal sanctions to anyone who deletes or amends some of these records, and companies are expected to retain them for seven years.

Section 409: Business organizations are expected to provide the public with updated information when there is an alteration in the companies’ financial structural and operational patterns.