Originally published 2nd Quarter 2004
Congress enacted Sarbanes-Oxley in the aftermath of a substantial number of high-profile accounting scandals that started to emerge in 2001. The stated objective of Sarbanes-Oxley is to restore the public’s confidence in corporate governance. A provision of that law requires CEOs and CFOs of publicly-traded corporations to attest that their companies have "proper internal controls."
An important element of maintaining proper internal controls is to ensure that networks collecting and storing data are reliably protected against corruption and unauthorized access. While Sarbanes-Oxley does not mandate use of specific technologies, policies or procedures for maintaining the security and integrity of corporate data, it is very difficult for the highest levels of corporate management to attest that proper internal controls are in place absent independent assurance of robust and secure IT networks. It also goes without saying that, absent appropriate risk management processes, a corporation remains vulnerable to charges of inaccurate reporting to its shareholders and governmental authorities. Reporting quality is only as good as the data it is based on. Sarbanes-Oxley therefore provides yet another compelling reason for companies to make it a priority to establish comprehensive policies, practices and procedures for reliably securing its data and ensuring that collection, sharing and use of its data are compliant with federal, state and international laws.
The content of this article does not constitute legal advice and should not be relied on in that way. Specific advice should be sought about your specific circumstances.