SOX Compliance Failures
One could easily imagine a corporation that doesn’t look too bad on its first audit, but some material findings emerge related to SOX 404 issues [Security Control for SOX, Dennis C Brewer]. The company fixes some things and then gets audited by a different team capable of a more detailed technology audit, leading to more negative findings in audit year two. The company fixes the year-two findings only to be audited in year three by yet another more sophisticated team, and behold, more negative audit findings related to the quality of controls. After a scenario like that, Wall Street analysts may feel compelled to point out to the stock-buying public that company X seems to be having difficulty correcting its compliance issues, and they may downgrade the outlook for the company because it just can’t seem to get a grip on instituting the necessary controls.
The control issues surrounding compliance with SOX-like mandates do not apply only to public companies. Governments at all levels, the nonprofit sector, and closely held companies all face the need to protect the integrity of their confidential information, to provide adequate controls on access to data stores, and to counter the liability arising from losses of clients' and members' personally identifying information. For some nonprofit organizations, the financial risk of litigation resulting from inadequate controls may be far greater than any harm from adverse audit findings.