What is SOX Compliance?
The Sarbanes–Oxley Act of 2002 is a United States federal law that set new standards for all U.S. public company boards, public accounting firms, and the management of each. It was named after its sponsors, Senator Paul Sarbanes and House Representative Michael Oxley.
The law was enacted in response to various accounting scandals which took place at public companies, such as Enron, Tyco, WorldCom, and others. As a result of these scandals, investors lost billions of dollars when share prices collapsed and public confidence in the markets shrank.
The SOX Act contains 11 sections, ranging from board responsibilities to criminal penalties for non-compliance. However, it does not apply to privately held companies. The SEC is required to implement rulings on the requirements for complying with the legislation. The act also addresses peripheral issues, such as corporate governance, internal controls, financial disclosure, and auditor independence.
Generally speaking, the CEO is required to sign the company tax return and is responsible for its accuracy. For that reason, computer system compliance is often addressed as part of a SOX compliance initiative.
The CEO should be reasonably assured that the information the tax return contains is accurate and has not been improperly altered, because he is on the hook for criminal proceedings should it prove to be inaccurate. If the company computers are not securely locked down, then it's possible that someone may have tampered with the numbers, thus causing fraudulent reports.
