What if a company does not comply with SOX
If a company does not comply with the Sarbanes-Oxley Act, it will expose itself to the possibility of lawsuits and negative publicity. If a corporate officer, even if unintentionally, files an inaccurate certification, he or she is subject to a fine up to $1 million and 10 years in prison. [SOX IT Compliances, Christian B Lahti, Steve Lanza]
If a corporate officer intentionally files an inaccurate certification, the fine can be as much as $5 million and possible 20 years in prison. When thinking about the severity of the consequences of noncompliance for corporation and corporate officers, we must remember that the intent, although arguably misguided, was to prevent occurrences such as those that happened at MCI and Enron—hence the stiff penalties for those at the top.
Therefore, the downside of not complying with the Sarbanes-Oxley Act can be pretty severe for a company’s executive management. However, there is, perhaps not as tangible, an upside to complying. If your IT organization is typical, it is understaffed, has not done a technology assessment/refresh (applications/hardware) in quite some time, and activities like documenting and developing policies and procedures have been relegated to the backburner in deference to putting out current fires.
By no means are we suggesting that the requirement to comply with Sarbanes-Oxley Act be used as a catchall or some sort of panacea to fix all the ills that exist in your IT organization. What we are suggesting is that because of the need to comply with the Sarbanes-Oxley Act, opportunities will present themselves to address both SOX deficiencies and other IT organization defi ciencies. Moreover, with adequate research and planning, a CFO, CIO, or IT Director can capitalize on his or her compliance effort to address some of the aforementioned problems in the IT organization.
Popularity: 70% [?]
