Question

What is required by Sarbanes-Oxley (SOX) to be logged? Or Describe the system processes executed and data collected in the process of logging an event.

Solutions

Expert Solution

The Sarbanes Oxley Act requires all financial reports to include an Internal Controls Report. This shows that a company's financial data are accurate (within 5% variance) and adequate controls are in place to safeguard financial data. Year-end financial disclosure reports are also a requirement. An independent external SOX auditor is required to review controls, policies, and procedures during a Section 404 audit.

An audit will also look at personnel and may interview staff to confirm that their duties match their job description, and that they have the required training to safely access financial information.

Specifically, SOX sections 302, 404 and 409 require that the following parameters and conditions be monitored, logged and audited:

Internal controls

Network activity

Database activity

Login activity (success and failures)

Account activity

User activity

Information Access

SOX auditing requires that "internal controls and procedures" can be audited using a control framework like COBIT. Log collection and monitoring systems must provide an audit trail of all access and activity to sensitive business information.

A review of a company's internal controls is often the largest component of a SOX compliance audit. Internal controls include all IT assets, including any computers, network hardware, and other electronic equipment that financial data passes through. A SOX IT audit will look at the following internal control items:

IT security: Ensure that proper controls are in place to prevent data breaches and have tools ready to remediate incidents should they occur. Invest in services and equipment that will monitor and protect your financial database.

Access controls: This refers to both the physical and electronic controls that prevent unauthorized users from viewing sensitive financial information. This includes keeping servers and data centers in secure locations, implementing effective password controls, and other measures.

Data backup: Maintain backup systems to protect sensitive data. Data centers containing backed-up data, including those stored off-site or by a third party, are also subject to the same SOX compliance requirements as those hosted on-site.

Change management: This involves the IT department process for adding new users and computers, updating and installing new software, and making any changes to databases or other data infrastructure components. Keep records of what was changed, in addition to when it was changed and who changed it.

