Sarbanes-Oxley Act (SOX)
The Sarbanes-Oxley Act sets internal reporting requirements to protect investors and the general public from corporate fraud. Find out what this means for your business.
What is the Sarbanes-Oxley Act (SOX)?
SOX affects all publicly traded companies and public accounting firms, but any private companies with the potential to go public also need to understand and comply with the act’s requirements. Let Access help.
The Sarbanes-Oxley Act was developed to safeguard the financial records of public corporations and accounting firms, in order to protect the company’s shareholders and the general public. The safeguards are designed to prevent accounting errors and fraudulent practices, as well as to improve corporate disclosures. For instance, SOX makes it a federal crime to destroy or tamper with any corporate accounting records.
While the act concentrates on the documentation, control processes and retention of financial data, all information and records that support financial statements must be accurately documented and available for review by auditors. This includes:
- Corporate policies and procedures.
- Approvals and authorizations.
- Verifications and recommendations.
- Financial performance reviews.
- Audit reports and work papers.
What does this have to do with records management?
Records Retention: Section 404 of SOX specifically outlines the requirements to develop a records management program that ensures financial data is retained for the proper time periods. To maintain compliance, the program must take into account all of the federal and state regulations that govern records retention, in addition to SOX. Furthermore, it must also encompass all physical and digital information, including web pages, emails, voice mails, recorded calls and microfilm or microfiche records.
Records Retrieval: Public corporations must take into account that stored records and information must be easily accessible for reviews and audits. Records that are difficult to retrieve will create compliance issues and may result in fines or penalties.
Records Destruction: While documents that have surpassed their retention requirements can be securely destroyed and disposed of, SOX requires that the records management program include a legal hold process to suspend this procedure. This means that the destruction process must cease immediately upon notification of legal action, or upon the anticipation of any foreseeable litigation.
How can Access Records Management Help?
Access’s secure records storage, encrypted infrastructure and document destruction solutions can provide the necessary protection, regulatory adherence and indemnification for all publicly traded businesses and accounting firms.
- We provide the highest levels of security concerning financial data and its related records.
- We tailor access levels according to your internal policies and controls, and monitor all access to provide a clear audit trail.
- We follow regulatory developments so that we can quickly update our procedures and assure continued compliance.
- We maintain NAID AAA certified and PCI DSS compliant facilities for the onsite and mobile destruction of physical documents, computer hardware and all forms of digital media.