« Sarbanes-Oxley’s Impact on IT Departments
Six IT Controls Required for Sarbanes-Oxley Compliance »

Simple explanation about Sarbanes Oxley

302: The CEO and CFO are directly responsible for the accuracy, documentation, and submission of all financial reports, as well as the internal control structure to the SEC.

(Translation: The CEO and CFO are on the hook for making sure the company’s financial reports sent to the US Securities and Exchange Commission are right. We talk more about Section 302 in a bit.)

401: Financial statements must be accurate, without any incorrect information, and include all off-balance sheet liabilities, obligations, or requirements.
(Translation: It is no longer possible for companies to hide any information that might affect their share price if it became common knowledge. They must present their true face to the world, warts and all.)

404: All annual financial reports must contain an Internal Control Report, stating that management is responsible for an “adequate” internal control structure. Management should provide an assessment of the internal control structure, and report any shortcomings.
(Section 404 is another biggie;)

406: Companies must disclose whether they have adopted a code of ethics for their top financial managers and if not, why not. The code must establish standards and provide for avoiding conflicts of interest. It must mandate personal and corporate compliance with SOX regulations.
(Translation: A code of ethics will guide financial managers on how to behave should they be tempted to stray from the path.)

409: Companies are required to disclose on an almost real-time basis information concerning material changes in its financial condition or operations.
(Translation: If there are big changes to the company’s financial condition or its operations, the company has to tell the SEC.)

802: Imposes fines and/or sentences of up to 20 years imprisonment for altering or destroying records with the aim to disrupt a legal investigation.
(Translation: Destroying documents is bad.)

906: Requires that each periodic report filed with the SEC is certified by the CEO and CFO and that it complies fully with the statute and presents fairly the financial condition of the company.
(Translation: So that CEOs and CFOs can never again say, “I didn’t know.”)

source: SAP GRC

Popularity: 21% [?]

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • StumbleUpon
  • Digg
  • del.icio.us
  • Technorati
  • Sphinn
  • Facebook
  • Mixx
  • Google
  • blinkbits
  • BlinkList
  • NewsVine

This entry was posted on Sunday, January 18th, 2009 at 10:02 pm and is filed under control, reporting, sarbanes oxley, security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply