Public Companies
Complying with Sarbanes-Oxley (SOX)
Created in response to the accounting scandals that occurred at major corporations in 2001 and 2002, SOX requires that publicly-traded companies ensure their internal business processes are properly monitored and managed. This includes having an outside auditor certify the accuracy of financial statements and conducting an annual assessment of internal controls relating to the security of critical data, particularly financial information.
SOX includes several major provisions, but two specifically stipulate that public companies ensure their business processes are maintained within an adequate internal control structure. Section 302 of the Act mandates a set of internal procedures designed to ensure accurate financial disclosure. Under Section 404 of the Act, management is required to produce an adequate internal control report as part of each annual Exchange Act report. The outside auditors must confirm management's internal control assessment.
Because financial reporting processes are driven by IT systems, IT must play a vital role in internal control and ensure the security, accuracy and reliability of the systems used to manage and report financial data. The Securities and Exchange Commission (SEC) has identified five areas that need to be addressed to meet SOX internal control requirements and support compliance, two of which are risk assessment and monitoring. Risk assessment involves understanding the areas of risk affecting the completeness and validity of financial reports by examining how the company's systems are being used. Monitoring entails scheduling regular internal audits by IT personnel and audits performed by personnel outside the organization.
How NeXpose Helps
If your company is publicly traded, NeXpose assists you with achieving SOX IT security compliance by scanning the enterprise to locate areas of risk in your systems and networks, and by monitoring your environment via the internally installed NeXpose software or appliance and externally performed NeXpose hosted services. A comprehensive risk assessment report is provided, detailing any areas of risk discovered and providing steps for remediation.

