Sarbanes – Oxley Act of 2002 (SOX) is a United States federal law enacted on 30 July 2002, which sets standards for all US public company boards, management and public accounting firms. The act protects shareholders and the general public from accounting errors and fraudulent practices in the enterprise, as well as improves the accuracy of corporate discourses. Defines three rules that effect corporate management of electronic records; first rules discusses disposal practices, second the retention period, and the third defines what type of business records need to be stored.

Sarbanes-Oxley Act section 404 has two major points:

  • Management is accountable for establishing and maintaining internal controls and procedures that enable accurate financial reporting, and assessing this posture every fiscal year in an internal control report.
  • Public accounting firms that prepare or issue yearly audits must attest to, and report on, this yearly assessment by management.

Sarbanes-Oxley Act section 302 expands this with compliance requirements to:

  • List all deficiencies in internal controls and information, as well as report any fraud involving internal employees.
  • Detail significant changes in internal controls, or factors that could have a negative impact on internal controls.

Be in compliance:

  • Any financial information needs to be safeguarded
  • Specific internal security controls need to be identified that protect this data
  • Conduct auditing