Sunday, August 5, 2007

Streamline Compliance with a Comprehensive Technology Platform

Data Auditing for Sarbanes-Oxley

The Sarbanes-Oxley Act requires executives and auditors of publicly held companies, along with some private and international businesses, to validate the accuracy and integrity of their financial statements. Section 404 of the Act requires annual evaluation and documentation of the internal controls and procedures in place to produce financial information. Section 302 requires the CEO and CFO to certify quarterly that controls exist and to sign off on the accuracy of the organization's financial statements. Since all information making up financial statements is stored and maintained in databases, it is critical that these databases are continuously audited. These audit trails are what help prove the integrity of reported information, giving executives and auditors the ability to sign off with confidence that you are compliant.

Auditing provides an "unimpeachable" audit trail of database activity so that executives are confident that their data is secure and that the reports generated are accurate.

Guess what - to really be sure that you are compliant at all times - you need an internal technology and infrastructure that tracks transactions, processes and personnel access at every stage of the business and process flow. Then you will need to ensure that you have alarms/alerts along with log files to really be able to track all of the system, personnel and transaction activities. This also includes any trading partners you have.

You will need to prove what was sent to them (document, format, etc.), how it was sent (VAN, protocols, encryption, etc.), when it was sent (timestamps), to whom it went and when it was formally acknowledged - proof of delivery and receipt. Not to mention you need a good system that can generate reports on these processes.

When execs submit reports to the appropriate parties for compliance and certification - they better make sure they are accurate, with audit trails proving their case. If reports are submitted that are incorrect - the fines and penalties are steep. In many cases, failing to be compliant may mean jail time or loss of board involvement for "C" level execs. This is not something a company can easily recover from - so make sure you are compliant.

Jamie's MOTTO.....

Don't follow the path that is already there....go instead where there is no path....and leave a trail....

This trail is a part of a long journey .....