SOX 404 and IT
- Risk Assessment. Before the necessary controls are implemented, IT management must assess and understand the areas of risk affecting the completeness and validity of the financial reports.
- Control Activities. Design, implementation and quality assurance testing teams should be independent. ERP and CRM systems that collect data but feed into manual spreadsheets are prone to human error. The organization will need to document usage rules and create an audit trail for each system that contributes financial information.
- Monitoring. Auditing processes and schedules should be developed to address the high-risk areas within the IT organization. IT personnel should perform frequent internal audits.
The Sarbanes-Oxley Act of 2002 is a United States law that affects the auditing, financial reporting and security of financial information of publicly traded companies.
Many publicly traded companies have adopted nFront Password Filter to help them ensure better data security by disallowing weak, easily hacked passwords. Furthermore, nFront Password Filter has features built in specifically for SOX requirements, such as the default ability to log all rejected passwords (SOX requires that most IT applications and processes log all failures).