What is Sarbanes-Oxley?
The Sarbanes-Oxley (SOX) Act is the most notable component of a range of laws and regulations introduced by the US regulator, the Securities and Exchange Commission (SEC). Section 404 addresses the internal control over financial reporting.
As a result CEOs and COOs have to personally certify that their organisation’s internal control environment covers the following criteria:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with all applicable laws and regulations.
To achieve this, organisations must provide evidence that its internal control environment complies with 5 key elements:
1. Control Environment: that controls are part of the organisation’s culture
2. Risk Assessment: that risks are being managed
3. Control Activities: that comprehensive policies and procedures setting control standards exist
4. Information and Communication: that key control information is provided to the board
5. Monitoring: that a mechanism is employed to constantly certify, monitor and repair key controls.
Optial provides the infrastructure for creating, implementing and maintaining a full range of controls required for SOX compliance.
Automating SOX activity
For many organisations Sarbanes-Oxley QA and audit activities can be resource and manually intensive. Optial offers a comprehensive set of tools for automating the activity required to define, maintain and test controls on an on-going basis, providing a platform for compliance and both internal and external audit evidence.
An Optial solution for SOX consists of the integrated Governance, Risk and Compliance and Audit modules, alongside the powerful reporting capabilities of Optial Business Intelligence. Additionally Optial can provide integrated support for SOX compliance along with all other compliance, audit and risk management activities across the enterprise.