Running head: THE SARBANES-OXLEY ACT: DATA AUDITING AND MONITORING
The Sarbanes-Oxley Act: Data Auditing and Monitoring
Student’s Name
Institution
The United States Congress enacted the Sarbanes-Oxley (SOX) Act in 2002, establishing various rules to protect the public from erroneous practices by business entities. “SOX was enacted to help ensure accountability of corporations and the accounting firms they employ by specifying detailed financial reporting requirements and imposing financial penalties and criminal sanctions on those who personally participate in fraud” (Wilbanks, 2016). Access to internal financial systems should be limited, which helps a company practice ethical behavior. When SOX financial security controls are implemented, they help protect data from cybercriminals and insider threats.
Within a SOX compliance framework, data auditing and monitoring are vital to addressing the various enacted regulations. Organizations use an auditing strategy to track user activity, data modification, and security changes, which helps reveal potential and real threats. Detailed auditing is how the internal controls requirements are met; it is also used to assess the controls and determine their effectiveness. To fit within the framework of SOX compliance, an audit observes and interviews personnel to confirm their assigned duties, or audits the database. As a result, it helps establish whether their duties are in line with their job descriptions and whether they have the right training to access the financial information safely. Within the compliance framework, several conditions and parameters should be monitored, logged, and audited: for instance, network activity, internal controls, account and login activity, database and user activity, and information access. For SOX auditing to succeed, internal controls and procedures can be audited using a control framework. “In many applications, access control and other information related to user operations should be kept in secure log files for intrusion detection and violations or for audit purposes” (Roratto & Dias, 2014). This should provide an audit trail of all activities and of all access to sensitive business information.
In a SOX compliance framework, the largest component of the SOX audit is the review of a firm's internal controls. The controls comprise the IT assets, including all network hardware, computers, and any other electronic equipment used to pass financial data. For IT security, audits keep proper controls in place to prevent and mitigate any data breach. An organization is expected to have tools ready to remediate breaches when they occur. Organizations are advised to invest in equipment and services that can monitor and protect the financial database in order to fit within the framework.
Unauthorized users are prevented from accessing any of an organization's sensitive financial information. Access control is achieved by keeping data centers and servers in secure locations and implementing effective password controls. Database auditing and compliance fit in the framework by maintaining backup systems for the protection of sensitive data. “In addition to their own compliance, companies are also grappling with assessing and managing risk from third-party service providers and vendors” (McCalmont & Courtemanche, 2014). Organizations maintain the backup irrespective of whether it is stored by a third party or off-site. Monitoring is also achieved by managing changes, such as adding new computers and users, with the IT department. Changes to databases and other components of the data infrastructure, as well as updates and installations of new software, should likewise be managed to comply with the SOX framework. Records should be kept of when each change was made, exactly what was changed, and who was responsible for it.
The SOX Act requires companies to monitor and secure their systems, such as financial systems. This can be accomplished by investing in good technology that allows organizations to cover their auditing and reporting needs. The technology should also give companies the capability they need to respond to any incident. When companies comply with the SOX requirements, cost savings increase, which helps them carry out normal operations without interference. Therefore, companies should make every effort to ensure the safety of data and compliance with the SOX regulations.
McCalmont, S. A., & Courtemanche, M. B. (2014). U.S. Patent No. 8,818,837. Washington, DC: U.S. Patent and Trademark Office.
Roratto, R., & Dias, E. D. (2014). Security information in production and operations: a study on audit trails in database systems. JISTEM-Journal of Information Systems and Technology Management, 11(3), 717-734.
Wilbanks, D. (2016). The Sarbanes-Oxley Act: Relevant to OSH Practice?. Professional Safety, 61(2), 23.