Implementing SOX 404 Compliance Initiatives with Auditing Standard 5

Posted on January 12, 2009

This article was originally written by one of our consultants (RJS-Solutions).

Overview

The Sarbanes-Oxley Act of 2002, also known as the Public Company Accounting Reform and Investor Protection Act of 2002 and commonly called Sarbanes-Oxley, Sarbox or SOX, is a United States federal law enacted on July 30, 2002 in response to a number of major corporate and accounting scandals. The cost of complying with SOX 404 impacts smaller companies disproportionately, as there is a significant fixed cost involved in completing the assessment. As such, the SEC passed Auditing Standard 5 to somewhat level the playing field for smaller public companies that must meet SOX compliance standards.

Client Case

A newly established public, multi-national electronic engineering organization needed to meet federally mandated SOX compliance. The organization had also recently completed a merger and acquisition with a smaller engineering company that was less mature with regard to IT operations and processes. This made complying with SOX much more challenging because it required a major cultural change for IT personnel. The client needed to become compliant with all Section 404 controls, including but not limited to:

  • Planning and Operations
  • Program Change
  • Access Management
  • Logical Security
  • Physical Security
  • Environmental Controls

Client Solution

To achieve this, we engaged the client for an on-site, 3-month Management Consulting service. This included Project Management and Oversight of 3rd-party auditors, ITCG process implementation, a business process automation solution for continued SOX controls, and ongoing support efforts. Ultimately, the client received a positive management report, which was published with the annual 10K filing. Below is a list of the specific services and solutions put in place to obtain SOX compliance for this medium-sized public company.

  • ITCG Management Oversight
  • ITIL Process implementation mapped to ITCG Controls Standards
  • Automated Business Process Optimization for Daily, Quarterly, Semi-Annual and Annual ITCG Controls
  • SOX Quarterly Reviews to meet end of year audit expectations
