What is the Sarbanes-Oxley Act?

The Sarbanes-Oxley Act, sometimes referred to by the acronym SOX, was signed into law on 30 July 2002 by President Bush. The Act is designed to oversee the financial reporting landscape for finance professionals. Its purpose is to review legislative audit requirements and to protect investors by improving the accuracy and reliability of corporate disclosures.

What does SOX cover?

SOX’s full name gives a summary of what the law covers.

Public Law 107 202 – Sarbanes-Oxley Act of 2002

An act to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes.

The act covers issues such as establishing a public company accounting oversight board, auditor independence, corporate responsibility, and enhanced financial disclosure. It also significantly tightens accountability standards for directors and officers, auditors, securities analysts and legal counsel. The law is named after Senator Paul Sarbanes and Representative Michael G. Oxley.

Why was the Sarbanes-Oxley Act created?

The Sarbanes-Oxley (SOX) Act is a milestone 21st-century U.S. data compliance and disclosure law created to protect both investors and businesses by improving the accuracy and reliability of corporate disclosures.


Portions of this definition originally appeared on Datamation.com and are excerpted here with permission.

The SOX Act was passed in 2002 after several major fraud cases made it clear that additional safeguards needed to be in place to protect the integrity of businesses and investors from malicious actors.

The bill guards against faulty or misrepresented disclosures of publicly traded companies’ financial data and requires C-suite executives to take responsibility for honest financial reporting, formalized data security policies, and documentation of all relevant financial details.

By requiring companies to maintain a thorough, accurate record of their financial data and to keep up the network security around that data, SOX ensures internal and external shareholders are not given false information about their investments.

What are the SOX Act’s important features?

[Image: The cover page of the Sarbanes-Oxley Act of 2002.]

The Sarbanes-Oxley Act:

  • Establishes auditing policies, procedures, and standards through the Public Company Accounting Oversight Board (PCAOB)
  • Prevents conflicts of interest between auditors, their clients, and the services they exchange
  • Ensures senior executives are held responsible for maintaining accurate financial statements and reports and requires the CEO to sign company tax returns
  • Defines scenarios in which a broker, advisor, or dealer can be barred from practicing
  • Provides certain protections for whistleblowers while also enforcing criminal penalties for violators who knowingly manipulate financial data or obstruct investigations
  • Establishes and supports reporting and compliance enforcement on the part of the U.S. Securities and Exchange Commission (SEC)

Datamation goes in depth on how SOX impacts tech companies with SOX Requirements and Rules.

What are data-specific rules in the SOX Act?

As the SOX Act regulates the financial data of publicly traded companies, the federal law enacts several rules for financial data, especially as it relates to corporate transactions.

The rules require companies to submit to regular external audits and enable companies to conduct internal reporting and controls to support financial data accuracy. Companies are also expected to report to the SEC with concrete evidence of changes in their financial condition.

In addition to federal regulations, the SOX Act also requires an internal control report, which details all of a company’s financial history, and additional documentation that indicates financial data is monitored regularly.

Specific data points that should appear in the internal control report include:

  • Demonstration of internal controls
  • Network, database, and user activity
  • Security concerns related to activity, such as failed logins and authentications
  • Information access

And while the SOX Act does not outline any specific security protocols or expectations, the SEC requires formal data security policies with proof of communication and enforcement across a corporate network.

Where can the Sarbanes-Oxley Act be downloaded?

Download and read the Act in its entirety from the US Government Printing Office.

 

 

Shelby Hiter