SOX Act & Financial Data Security

Business Security

Breach of security is the worst thing that can happen to a business. Such a breach can be an actual break-in, employee fraud or theft, internet hackers and theft of vital business information. A breach of security of any one type can lead to financial losses as well as losing market leverage. Hence it is appropriate that businesses take adequate security measures in all the above-mentioned aspects (Coombs, 2008). Installing and implementing adequate security systems is a must for any business.
There are various types of business security systems. The company security system depends on the number of employees, the sensitivity of the information stored and the confidence in the loyalty of the employees. To prevent actual break-ins and thefts, businesses should install surveillance systems and ensure proper monitoring of the same through live video footage. This is the most common way of guarding against physical theft and break-ins. Adequate locking systems equipped with proper coding for opening of the locks are necessary.
In general, video surveillance can be installed in areas where valuable materials are stored, cash registers or safes and areas where important documents are stored in the physical form. To ensure better security in this regard, companies should also install limited access control to various places in the office premises. Employees would be required to punch in a code on a keypad or swipe a card in order to get into the building or a specific area of the building.
For internet security and security of electronically stored business information, companies need to have user policies and IT policies to ensure safety. User policy is limited to the employees who use or have access to the information systems and the networks. Such user security policies would define what users can and must do to gain access to the company network and what they can and must do once they are on it.
Such policies should include password policies to keep accounts safe, proper use of company information, use of the internet and the information system of the company, and security against viruses introduced through possible slackness of users (Campbell, n.d.). Every company, big or small, also needs to have adequate IT security policies. This refers to the security measures that the IT department of the company should ensure to prevent internet hacking by outsiders.
For this security, the company should install virus detection and alerting systems in the network; take adequate measures to create a backup of the electronically stored information, with defined and detailed directions about what to back up, who backs it up and where the backup information is to be stored; adopt adequate firewall policies and measures; and install adequate wireless, VPN, router and switch security.
Section 2: SOX Act & Financial Data Security

Stringent regulations on the corporate governance of publicly traded companies have been enforced by the SOX Act in order to ensure the protection and validation of all financial data. Publicly traded companies need to adhere to SOX financial data security compliance and conduct and publish financial security audits. These are mandated by the SOX Act. Sections 302 and 404 of the SOX Act are particularly significant for the implementation and compliance of financial data security and audits.
According to the above-mentioned sections of the SOX Act, company CEOs and CFOs need to assure shareholders that the financial statements of the company and all supplemental disclosures are truthful and reliable, and that appropriate steps for securing the integrity of the data have been taken, implemented and controlled on a consistent basis. The sections also mandate the CEOs and the CFOs to produce reliable financial information for their stakeholders (Foster, Ornstein & Shastri, 2007).
Section 404 mandates that external audit agencies need to certify the steps taken by the company and the internal financial data security audit of the company as well as the internal control of the company over the systems in place. Companies need to meet an accepted industry standard with respect to the internal controls on financial data security and control according to SOX Act Compliance.
The Internal Control Framework, published in 1992 by the Committee of Sponsoring Organizations of the Treadway Commission, is the standard that is most widely accepted and adopted to comply with the SOX Act (Li & Wang, n.d.). Business control systems are established, documented and assessed on the basis of this framework.
The framework mentioned above defines internal controls through five components: Control Environment -- the company and its philosophy; Risk Assessment -- the risks associated with the objectives; Control Activities -- policies that help achieve objectives and mitigate risks; Information and Communication -- the systems used to.