HomeDefinitions

What is the Sarbanes-Oxley Act?

Shelby Hiter
Shelby Hiter
Updated on:

The Sarbanes-Oxley Act, sometimes referred to by the acronym SOX, was signed into law on 30 July 2002 by President Bush. The Act is designed to oversee the financial reporting landscape for finance professionals. Its purpose is to review legislative audit requirements and to protect investors by improving the accuracy and reliability of corporate disclosures.

What does SOX cover?

SOX’s fill name gives a summary of what the law covers.

Public Law 107 202 – Sarbanes-Oxley Act of 2002

An act to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes.

The act covers issues such as establishing a public company accounting oversight board, auditor independence, corporate responsibility, and enhanced financial disclosure. It also significantly tightens accountability standards for directors and officers, auditors, securities analysts and legal counsel. The law is named after Senator Paul Sarbanes and Representative Michael G. Oxley.

Why was the Sarbanes-Oxley Act created?

The Sarbanes-Oxley (SOX) Act is a 21st-century U.S. milestone data compliance and disclosure law created to protect both investors and businesses by improving the accuracy and reliability of corporate disclosures.

Portions of this definition originally appeared on Datamation.com and are excerpted here with permission.

The SOX Act was passed in 2002 after several major fraud cases made it clear that additional safeguards needed to be in place to protect the integrity of businesses and investors from malicious actors.

The bill guards against faulty or misrepresented disclosures of publicly traded companies’ financial data and requires C-suite executives to take responsibility for honest financial reporting, formalized data security policies, and documentation of all relevant financial details.

By requiring companies to maintain a thorough, accurate record of their financial data and to upkeep their network security around their financial data, SOX ensures internal and external shareholders are not given false information about their investments.

What are the SOX Act’s important features?

Sarbanes-Oxley Act cover page.
The cover page of the Sarbanes-Oxley Act of 2002.

The Sarbanes-Oxley Act:

  • Establishes auditing policies, procedures, and standards through the Public Company Accounting Oversight Board (PCAOB)
  • Prevents conflicts of interest between auditors, their clients, and the services they exchange
  • Ensures senior executives are held responsible for maintaining accurate financial statements and reports and requires the CEO to sign company tax returns
  • Defines scenarios in which a broker, advisor, or dealer can barred from practicing
  • Provides certain protections for whistleblowers while also enforcing criminal penalties for violators who knowingly manipulate financial data or obstruct investigations
  • Establishes and supports reporting and compliance enforcement on the part of the U.S. Securities and Exchange Commission (SEC)
Datamation goes in depth on how SOX impacts tech companies with SOX Requirements and Rules.

What are data-specific rules in the SOX Act?

As the SOX Act regulates the financial data of publicly traded companies, the federal law enacts several rules for financial data, especially as it relates to corporate transactions.

The rules require companies to submit for regular external audits and enable companies to conduct internal reporting and controls to support financial data accuracy. Companies are also expected to report to the SEC with concrete evidence of changes in the financial condition.

In addition to federal regulations, the SOX Act also requires an internal control report, which details all of a company’s financial history, and additional documentation that indicates financial data is monitored regularly.

Specific data points that should be included in the internal control report include:

  • Demonstration of internal controls
  • Network, database, and user activity
  • Security concerns related to activity, such as failed logins and authentications
  • Information access

And while the SOX Act does not outline any specific security protocols or expectations, the SEC requires formal data security policies with proof of communication and enforcement across a corporate network.

Where can the Sarbanes-Oxley Act be downloaded?

Download and read the Act in its entirety from the US Government Printing Office.

 

 

Shelby Hiter
Shelby Hiter
Shelby Hiter is a writer with more than five years of experience in writing and editing, focusing on healthcare, technology, data, enterprise IT, and technology marketing. She currently writes for four different digital publications in the technology industry: Datamation, Enterprise Networking Planet, CIO Insight, and Webopedia. When she’s not writing, Shelby loves finding group trivia events with friends, cross stitching decorations for her home, reading too many novels, and turning her puppy into a social media influencer.

Top Articles

List of Windows Operating System Versions & History [In Order]

Definitions Vangie Beal - 0
The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

How to Create a Website Shortcut on Your Desktop

Browsers Vangie Beal - 0
Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

What are the Five Generations of Computers? (1st to 5th)

Computers Vangie Beal - 0
Reviewed by Web Webster Each generation of computer has brought significant advances in speed and power to computing tasks. Learn about each of the...

Hotmail [Outlook] Email Accounts

Productivity Vangie Beal - 0
Launched in 1996, Hotmail was one of the first public webmail services that could be accessed from any web browser. At its peak in...

Related Articles

Definitions

Crypt888 Ransomware

Crypt888, also known as Mircop, is ransomware that encrypts files on desktops, downloads,...
Read more
Definitions

AutoLocky Ransomware

AutoLocky is ransomware written in the popular AutoIt scripting language. It uses strong...
Read more
Definitions

Data Governance

Data governance is a term used to refer to the management of processes,...
Read more

Webopedia is an online information technology and computer science resource for IT professionals, students, and educators. Webopedia focuses on connecting researchers with IT resources that are most helpful for them. Webopedia resources cover technology definitions, educational guides, and software reviews that are accessible to all researchers regardless of technical background.

Advertisers

Advertise with TechnologyAdvice on Webopedia and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2021 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.