Are there holes in your SOX? (Sarbanes-Oxley Compliance for Public and Private Companies)

Summary:

Wrongdoing by Enron and the like in the late 1990s led to regulations created to standardize the trustworthiness of financial institutions and public companies. Companies faced with SOX compliance will need to consider the following: what are the best practice processes, how are these processes different from existing practices, how should new processes be implemented, and how can processes in the short term be balanced with “longer-term strategic objectives”?

– – – – – – – – –

A world before SOX:

The corporate world had a rude awakening after a series of highly publicized corporate financial scandals. In the late 1990s, many stories of embezzled corporate dollars surfaced involving companies like Enron, Tyco, and WorldCom. Legislation soon responded to the multitude of serious transgressions committed by the top management of the corporate world.

Crimes committed by these industry bosses ranged from extravagant multi-million dollar trips to exotic locales and large private gifts to spouses to the shuffling of company funds to finance other investments. The corporate world needed to be held accountable for its misdeeds. The Sarbanes-Oxley Act (SOX), or the Public Company Accounting Reform and Investor Protection Act of 2002, came into effect to improve corporate governance and help police potential future wrongdoing.

The Sarbanes-Oxley Act of 2002 requires publicly traded entities to define, evaluate, and document the processes that lead to senior management accountability. SOX requires substantial audits or verification checks to ensure senior management is held accountable for their financial actions.

Why should private companies care about SOX?

While SOX applies directly to publicly traded companies, private companies that want to do business with companies listed on places like the NASDAQ must also comply with Sarbanes-Oxley.

Many large public corporations will simply refuse to do business with private companies that are not SOX compliant. Private companies that want to do business with large public entities are now also caught up in a SOX compliant landscape.

SOX affects a wide range of industries that “touch” the information of those publicly traded companies, including but not limited to:

  • Lawyers
  • Accountants and Audit Firms that review the financial statements of the company
  • Brokers or merchants and their employees
  • Security companies that handle electronic transactions.
  • International businesses operating in the United States

Acceptance of SOX by private companies is not an issue, as “73% of private company CEOs said SOX has done at least a decent job of improving financial governance and transparency for public companies.”(1)

Who is responsible for compliance with SOX communications?

SOX requires that incoming and outgoing correspondence be checked. Depending on the business structure, communication exchanges may be monitored by Chief Compliance Officers (CCOs), Chief Information Officers (CIOs), and Chief Risk Officers (CROs). These executives are responsible for the security, accuracy, and reliability of the organization’s messaging and reporting systems.

Well-prepared organizations have policies established by their high-level CCOs that outline what types of information may or may not be communicated outside of a department and outside of the organization. While these rules exist, companies often do not take the necessary steps to ensure that employees within the organization understand these rules and their importance.

What are the key elements of SOX that relate to electronic data storage and email security?

  • SOX Section 404: Spreadsheets and financial reports must be protected from accidental or deliberate falsification or redistribution.
  • SOX Section 409: Real-time disclosure of material affecting company finances must be reported within 48 hours
  • SOX Section 802: Ensures documents and records are not tampered with
  • SOX Section 1102: Corrupting, altering, mutilating, destroying, or concealing records are violations. Those found guilty of obstructing an investigation or official proceeding will face 20 years in prison and fines.

The Sarbanes-Oxley Act focuses on the corporate governance, accountability, and reporting practices of publicly traded companies. However, the law also affects private companies that could one day go public and those that do business with publicly traded companies.

What are the holes in your SOX compliance?

While sharing information online is a convenient luxury of e-commerce, it also creates great vulnerability as information, data, and correspondence are exchanged from one business to another. Data and email sharing can raise privacy and SOX compliance issues.

This errant misuse of company information is not unique to corporate America. Staff at 18% of large UK companies gained unauthorized access to information during 2005, the report says. Nine percent of those large companies saw staff misuse restricted information.(2)

How can your business sew up your SOX holes?

Executive management seeking SOX compliance must have the strength and commitment to strategic planning and execution of Sarbanes-Oxley directives. The CEO, CFO, CCO/CRO and CIO of the company must cooperate and pay close attention to detail when establishing policies to comply with SOX. The need to create and implement robust email and electronic data retention policies and online SOX compliance has never been greater than in today’s fast-changing world of e-business.

Email is not necessarily secure against interception. Whether or not email is encrypted in transmission depends on your software. Therefore, our policy is not to send you emails that contain personally identifiable information about you, your home, or your business.

Andy Purdy, acting director of the Department of Homeland Security’s National Cyber Security Division, in a 2006 interview with CNET identifies the importance of protecting a company’s important digital assets:

“Small and large businesses and government are important when it comes to reducing cyber risk. We are trying to raise awareness among partners about liability and technical consumers that they can use to help protect their systems…”(3)

Before Sarbanes-Oxley, corporations saw serious abuse of executive power at the cost of serious business growth. Today, severe criminal and civil penalties for securities law violations will be instituted against companies that do not comply with SOX standards.

How can private companies thrive in today’s email-linked field while remaining SOX compliant? Introducing strong online SOX compliance policies that include firewalls, up-to-date virus protection, encryption, and email anti-theft measures can help a business work cooperatively with publicly traded companies.

Benefits of email anti-theft software

The implementation of email anti-theft allows a company to grow in credibility, reputation and trust; all factors that lead to increased clientele and revenue.

With security measures in place to maintain business correspondence and protect outgoing email, small and medium-sized businesses can be prudent with their technology budgets and well-armed with the tools and resources necessary to comply with the industry. Clients will feel more secure sharing their personal information with compliant SMB offices, paving the way for better and more secure communication.

– – – – – – – – – – –

Endnotes:

1.) Rob Preston “Time to Regulate the Regulations” Information Week, February 27, 2006, 78.

2.) BBC News, “Firms lax on ID theft protects” March 16, 2006, BBC Online; URL:
http://news.bbc.co.uk/2/hi/technology/4809262.stm

3.) Joris Evers, “Newsmaker: Locking down America’s Net Defenses,” February 16, 2006, CNET News.com; URL:
http://news.com.com/Locking+down+Americas+Net+defenses+-+page+2/2008-7348_3-6040223-2.html?tag=st.num
