KT Connections Blog

How to Comply with Sarbanes-Oxley (SOX) During COVID-19

Although the Sarbanes-Oxley (SOX) Act was established in 2002, businesses that have been compliant are facing challenges remaining compliant during the pandemic. Can your organization remain in compliance with SOX when the majority of your team is locked away in their homes?

The Sarbanes-Oxley Act of 2002 is a complex and important piece of legislation designed to prevent the behavior which led to the Enron scandal from occurring again. Let's take a look at three of its key provisions: Section 302, Section 404, and Section 802.

Section 302 of the SOX Act of 2002

Section 302 requires senior corporate officers to personally certify in writing that their company's financial statements "comply with SEC disclosure requirements and fairly present in all material aspects the operations and financial condition of the issuer." Most importantly, officers who sign off on financial statements acknowledge that if the statements are inaccurate, the officers are subject to criminal penalties, including prison terms.

Section 404 of the SOX Act of 2002

Section 404 mandates that management and auditors establish internal controls and reporting methods to ensure the adequacy of those controls. To clarify, management is required to test internal controls every quarter, and then file a report on the sufficiency and effectiveness of the controls.  

Section 802 of the SOX Act of 2002

Section 802 is particularly important for accountants, CPAs, and law firms, due to the data they are responsible for. This type of sensitive data is always in danger of being hacked. This section covers:

  • The destruction and falsification of records.
  • The retention period for storing records. 
  • The types of business records that companies need to store, including electronic communications.

During these trying times we can see how problematic it can be for businesses to adhere to Sarbanes-Oxley (SOX), particularly with many of their systems being disrupted because offices are closed or the workforce has switched to remote work. For example, how can your senior corporate officers personally certify in writing that their company is in compliance with SOX if they are not in the office due to social distancing? It's definitely going to add some complexity if you aren't prepared.

One thing this crisis has shown is how valuable technology can be when it comes to keeping your business operating at levels close to, or in some instances even beyond, what they were pre-coronavirus. In the case of needing signatures, KT Connections can help your organization create documents with e-signatures, removing the need for clients to come into the office to sign documents. As it is based in the cloud, it is easy for multiple signatures to be obtained. Cloud computing also provides additional solutions for remaining compliant with other parts of SOX, for example Section 802.

Cloud Computing and SOX

The solution to the problem of communication and collaboration between your team, clients, and business is cloud computing. While cloud computing offers a wealth of solutions which will help your business to thrive in this environment, it is essential that your MSP has an understanding of how best to support you. For example, as a Microsoft Cloud Solution Provider (CSP), KT Connections is uniquely situated to provide your organization the resources it needs to take advantage of the cloud.

When it comes to Section 802, before you decide to use cloud computing to ensure compliance with SOX, there are some questions you should ask your provider(s) to avoid coming into conflict with the federal government:

  • Where is my data stored?
  • Who has access to the storage areas or data centers?
  • How is my data protected?

If any of these questions can't be answered in a manner that complies with the SOX Act, your business is not only at risk of federal action, but may also face financial penalties from the state if it runs afoul of South Dakota's Data Breach law, which can have penalties up to $10,000. The truth of the matter is that if you're not sure you will be able to be in compliance with SOX, you most likely can't ensure you will be in compliance with S.B. 62.

Cloud Computing Is The Solution

The advantage of cloud computing is that many of the requirements of Sarbanes-Oxley can easily be managed and controlled for. Concerned about records being destroyed or falsified? Secure data backup and recovery allows for multiple copies to be securely retrieved in case they are needed. Further, by utilizing the appropriate permissions, including identity and access management, only the highest levels of your organization will even be able to access sensitive documents, preventing them from being compromised. Unlike paper documents, electronic documents have an infinitely longer lifespan and aren't at risk of loss as paper is.

Finally, SOX applies to a variety of business records, including electronic communications such as phone calls, text, video and more. With a VoIP system in place, you never have to worry about losing track of a call or whether or not it was retained. Moreover, Microsoft 365 Business provides all the tools needed to keep track of all your team and client communications.

Uncertain How to Remain in Compliance with SOX?

KT Connections can ensure you remain in compliance with SOX by utilizing software solutions such as customer relationship management (CRM) and document management to comply with the three main sections of the SOX Act. We offer a wide range of services to assist your business as it navigates the requirements of the Sarbanes-Oxley Act.

For more information on the Sarbanes-Oxley Act, visit the Government Publishing Office's website. You can read our analysis on SOX and get a quick understanding of the Sarbanes-Oxley Act. KT Connections is here for South Dakota small and medium-sized businesses. Our flat-rate managed IT gives local businesses like yours the ability to compete on your terms and above your weight class. KT Connections are experts in HIPAA and PCI DSS compliance as well. Call 605-341-3873 today to schedule an appointment.
