Overview
Our business-oriented approach to SOX compliance goes beyond
normal systems audit and focuses on deriving increased value for
information systems through robust internal controls, implemented as
part of an efficient corporate governance framework.
Using the COSO framework, we assist in establishing a healthy IT
Control environment, enabling senior management to understand the
organisation's IT-related business risks, implement controls to
mitigate them, and manage residual risk. The
objective is to design an IT Security Governance framework, where
the management can measure and control IT-related business risks.
Our comprehensive approach to assessing, planning, designing,
implementing and managing mission critical activities will assure
rapid identification, improvements, and testing of internal controls
and processes.
Safeguarding internal controls and procedures for financial reporting, as well as ensuring the confidentiality, integrity and availability of information, is no longer just a best practice for public organisations.
- Our 5-step process identifies and analyses gaps in your current security state compared to requirements for security best practices.
- We design and help implement solutions to close the gaps and ensure ongoing conformity.
Features
With Security Brigade's Sarbanes-Oxley Compliance, companies can leverage SOX initiatives to build an on-demand environment that has the flexibility to respond quickly to changes in their business environment.
Sarbanes-Oxley contains 11 titles that describe specific mandates and requirements for financial reporting. Each title consists of several sections, summarized below.
- Public Company Accounting Oversight Board (PCAOB)
- Auditor Independence
- Corporate Responsibility
- Enhanced Financial Disclosures
- Analyst Conflicts of Interest
- Commission Resources and Authority
- Studies and Reports
- Corporate and Criminal Fraud Accountability
- White Collar Crime Penalty Enhancement
- Corporate Tax Returns
- Corporate Fraud Accountability
Benefits
Security Brigade, as a leader in innovative research, has demonstrated continued success helping public organisations quickly and simply achieve security best practices that meet the requirements of the Sarbanes-Oxley Act.
- Increase infrastructure security with strengthened control environment.
- Optimize your security process with more reliable documentation.
- Along with SOX, gain compliance with other statutory regimes.
- Improve your operations with more standardized processes for IT and other functions.
- Decrease costs with reduced complexity of organisational processes.
- Maximize security efficiency with more effective use of both automated and manual controls.
- Prevent loss of customers' confidential information.
- Achieve and maintain compliance with federal and state regulations.
- Overcome legal hassles due to application security failures.
Technical Information
The Sarbanes-Oxley Act was developed to address all the complexities of investor reporting — not to mention individual accountability and integrity. Its scope is formidable, and many today believe that it is even broader than initially perceived.
Section 302
Section 302, which requires CEOs and CFOs to personally
certify quarterly and annual financial statements and take
responsibility for ensuring their accuracy, was implemented in
August 2002. Most, if not all, large U.S. corporations are complying
— at least technically. But many remain concerned about the quality
of their financial reports, notwithstanding those certifications. In
helping clients address Sarbanes-Oxley, IBM Business Consulting
Services has identified key issues regarding Section 302 compliance:
- Reporting limitations. Are you falling prey to the limits of manual spreadsheets and processes?
- Information integrity. Can you trust your data? And are you struggling with inconsistencies in your reporting definitions and/or calculations?
- Corporate governance and accountability. Compliance issues affect all layers of a company; do you have the resources in place to make sure everyone is doing his or her part? Is compliance being pushed down to all business units and subsidiaries, making accuracy and integrity the explicit responsibility of all C-level executives?
- A slow close process. With Sarbanes-Oxley, time is of the essence. Is your infrastructure slowing your external reporting?
Section 404
The section of Sarbanes-Oxley currently weighing most on your mind
may be Section 404, which mandates that your company provide an
annual report on internal controls, attested to by an external audit
firm. Section 404 implementation challenges include:
- Insufficient controls management. Have you effectively implemented procedures related to the definition, documentation, testing, monitoring and enhancement of internal controls?
- Unclear division of duties. The new legislation brings a host of new responsibilities; who's doing what in your organisation?
- Lagging document management strategies. Are old content and document management strategies causing you problems as you attempt to meet Sarbanes-Oxley requirements?
- Loose "off-the-ledger" audit trails. Do you have weak links in documentation, data consistency or other internal controls that could result in off-the-ledger headaches?
Section 409
Section 409 is still being constructed, but savvy companies
are preparing now for the huge impact it's expected to have; it will
essentially mandate that companies disclose any material changes in
their financial conditions or operations — in real time.
What could stand in your way once 409 is officially adopted and
enforced?
- Inadequate monitoring capabilities. If you are currently struggling to monitor compliance activities and progress, will 409 cause you to stumble?
- Obscured or limited visibility. How will you be able to quickly apprise the public of important changes in your company's performance if you're not immediately aware of these changes yourself?
- Lack of predictability. Do you have a clear view of your company's end-to-end business performance?
- Tangled lines of communication. Does your company's infrastructure lack the proper vehicles for reporting material events in real time? If so, 409 compliance will be tough, if not impossible.
- Organisational culture. Does your organisation suffer from a fear of reporting bad news up the chain of command? This may prevent leaders from being aware of possibly material events, as your staff waits and hopes that tomorrow, or next month, or even next quarter will deliver something better to offset the negative event.
Security Brigade can guide you through — and beyond — Sarbanes-Oxley
Given the multifaceted and evolving nature of Sarbanes-Oxley, you
may simply be reacting to the new rules as they come, rather than
developing the kind of long-term strategy that could put you ahead
of your competition.
But for the business leaders who recognize that change is both a
challenge and an opportunity, Sarbanes-Oxley represents a gateway to
bigger and better things. The trick is to comply and to use
compliance as a lever for positioning your company for maximum
business effectiveness and continued success over the long term.
Security Brigade can help
First, we have the tools to help you in your efforts to comply with
Section 404, and other sections of the Act, so that it becomes a
fluid part of your day-to-day business. In addition, we have the
experience to help your organisation leverage SOX to make your
business more effective and efficient, to make you more competitive,
and to position you for the future.
Security Brigade offers a full — and flexible — line-up of
Sarbanes-Oxley-related services designed to assist you with your SOX
initiatives. These products and services range from an electronic
controls library to workflow and process management tools to
application infrastructure solutions.
From helping you assess your company's performance gaps, to
initiating both short- and long-term recommendations in support of
your Sarbanes-Oxley plans, to measuring results, Security Brigade's
services are designed to make your job easier.
What truly sets us apart, though, is our ability to provide
end-to-end solutions. Working with Security Brigade, your
Sarbanes-Oxley compliance initiatives will seem like less of an
obstacle, and more of an opportunity.








