Is the Sarbanes-Oxley Act being enforced?

What actions are being taken to enforce the Sarbanes-Oxley Act? In this SearchSecurity.com Q&A, Mike Rothman discusses the regulations and precautions needed to ensure company compliance.

What happens when a company does not comply with the Sarbanes-Oxley Act? Have there been any criminal convictions? Is there data to show that the U.S. Securities and Exchange Commission (SEC) is actively pursuing companies who fail to comply?

To my knowledge, there have been no enforcement actions to date on a Sarbanes-Oxley violation. There are a couple of reasons for the lack of prosecutions. First, the federal government works slowly, unlike many fast-paced commercial businesses.

Also, the lack of definitive regulations has delayed much of the current enforcement; SOX requirements may be loosened in the near term. It seems, too, that the SEC is giving public companies the room to fix problems that are identified during examinations.

Implementing strong financial controls requires a change in process, culture and technology. This shift takes time, and the SEC hasn't gotten around to chasing folks yet.

To be clear, examinations are happening every day, and not many folks are "passing." In many cases, it has very little to do with security controls. The burden of financial controls and ensuring the integrity of financial reporting is stymieing many organizations, especially the small ones. "Passing" is also still somewhat subjective, meaning your grade may depend on your examiner and probably what side of the bed he/she woke up on that day. A lot of the industry has agreed on COBIT as an acceptable framework for Sarbanes-Oxley compliance.

Regulations are in place to make sure that organizations do the right thing. Whether SOX is enforced or not, it's probably a good idea for a company to have tight financial controls in place. An organization should also make efforts to protect customers' private data, regardless of HIPAA, GLBA or PCI.

More information:

  • In this webcast, learn the five steps that can lead to Sarbanes-Oxley compliance.
  • See how the SEC made it easier for small businesses to comply with Sarbanes-Oxley regulations.

This was first published in April 2007.
