CionSystems

SOX Compliance in Detail

The Sarbanes-Oxley Act of 2002, also known as the Public Company Accounting Reform and Investor Protection Act of 2002 and commonly called Sarbanes-Oxley, Sarbox or SOX, is a United States federal law enacted on July 30, 2002, as a reaction to a number of major corporate and accounting scandals including those affecting Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These scandals, which cost investors billions of dollars when the share prices of affected companies collapsed, shook public confidence in the nation's securities markets.

The key requirements are corporate governance, strong internal controls, competent policies and procedures, and transparency and accuracy in enterprises' financial disclosures.

Why comply with SOX?

Compliance with SOX regulations is not optional for public companies. It’s a mandatory process forcing companies to submit an annual report containing details of their internal accounting structure to the Securities and Exchange Commission (SEC). Non-compliance can lead to penalties including large fines, delisting and, for the worst offenses, even imprisonment of corporate officers involved in the misappropriation of financial data.

IT Helps with SOX Compliance

Enterprises depend on IT to manage the internal controls by providing a secure Identity and Access Management policy complying with SOX guidelines. One of the main functions of IT is to ensure that all financial transactions and data entry are carried out only by authorized personnel. In many companies this is a very time-intensive activity requiring extra resources and increasing the cost to the organization.

This legislation has multiple titles/sections, each corresponding to specific guidelines. For IT organizations, Section 404 and a portion of Section 302 specify how IT can help achieve compliance. In some cases, Section 409 is also considered important.

Where does Active Directory fit in SOX Compliance?

AD is a secure, distributed, partitioned and replicated directory service present in Windows Server infrastructure. In Windows-based environments, AD offers significant assistance in the implementation of SOX standards:

  • Control of identities and access permissions within the enterprise
  • Central authentication of users
  • Delegation and provision of access to resources for each user
  • Central repository for tracking all access attempts

SOX Compliance with Active Directory Reporter

Active Directory Reporter is a web-based application that facilitates centralized reporting. With an easy-to-use and intuitive UI, Active Directory Reporter enhances administrative capabilities. It saves considerable time for administrators and helps meet compliance audit requirements with ease. IT administrators have access to over 200 unique AD reports. Many of these have critical data relevant to SOX Compliance.

By implementing Active Directory Reporter, enterprises can now easily report on SOX compliance and attend regulatory audits with confidence.