What is Sarbanes Oxley? The first thing that comes to mind is that this act was named after its sponsors, Paul Sarbanes and Michael Oxley. Its commonly used short name is SOX. It came into effect in 2002.
So now that you know the basics, what is Sarbanes Oxley all about, and what is the thinking behind it? The act was put in place to protect shareholders from accounting errors and deceitful practices that might occur in an enterprise. What prompted Sir Paul Sarbanes and Sir Michael Oxley to frame the act was the high-profile WorldCom and Enron financial scandals. The Securities and Exchange Commission, known as the SEC, governs the act. The SEC is responsible for setting compliance deadlines and publishing rules where necessary.
Now that the “What is Sarbanes Oxley” question has been answered at a fundamental level, why does the SEC govern SOX? The question arises because SOX is an act that lists the records that have to be stored and the time frame for storing them. Thus the SEC should govern the act so that all enterprises comply with it. Sarbanes Oxley has a direct impact not only on the financial side of an organization but also on its IT department, since IT is responsible for storing the organization’s electronic records.
According to the Sarbanes Oxley act, organizations should store their business records for a time frame of not less than 5 years. Electronic messages and electronic records are also part of a company’s business records. The main challenge this act creates for an IT department is that the department should create a record storage archive that complies with the Sarbanes Oxley legislation and is also cost effective. Organizations found not to be complying with the Sarbanes Oxley legislation will face serious consequences, which may include imprisonment and/or fines.
Sarbanes Oxley includes three main rules. The first rule deals with actions that involve the destruction or alteration of electronic records. If an organization tries to alter electronic records for any reason, a case will be filed against the organization, and they might be fined and imprisoned for a period of 20 years.
The second rule deals with the time period for record storage. As mentioned earlier, electronic records should be stored for not less than 5 years. The third rule concerns the type of records that have to be stored. All business records, including electronic messages and records, have to be stored under the third rule of the Sarbanes Oxley act. The Securities and Exchange Commission will monitor whether organizations comply with this rule. Audits and reviews should be conducted to monitor this.
Sarbanes Oxley should be strictly adhered to by all public companies in the United States. The legislation should also be followed by both US and international companies that have registered with the Securities and Exchange Commission. Companies that provide audit support to these registered organizations should also comply with the Sarbanes Oxley Act.