Identify, control and audit the flow of financial information and IP to ensure integrity of financial reporting processes to meet SOX compliance
The Sarbanes-Oxley Act (SOX) restructures processes and accountability for financial reporting in U.S. public companies. Corporate management must establish, evaluate and monitor the effectiveness of their internal controls over financial and operational processes, every year.
In particular, SOX section 404 requires executives and outside auditors to report on a company's internal control over financial reporting (ICFR) procedures to assure and improve timeliness, transparency, accuracy, and confidentiality of financial data.
Though most financial reporting processes occur on back-office systems, a large portion still takes place on desktop applications like spreadsheets or e-mail. SOX also requires that companies avoid the significant legal exposure and revenue loss that could result from loss or leakage of intellectual property (IP).
Violations can result in civil penalties up to $5 million, and criminal penalties up to 20 years in prison. To mitigate the time and cost of testing manual and automated financial controls, managers generally adopt an internal control framework such as COSO and reduce the cost of evaluating manual control procedures through automation.
Sarbanes-Oxley (SOX) Compliance Applications
NextLabs' solution is a set of applications that include a predefined set of policy libraries, reports, and components. Policy sets can be easily customized to the environment or used as templates to create new policies. SOX Compliance Solutions help US-listed companies implement internal controls that protect data and audit information usage as mandated by Sarbanes-Oxley by assisting them to:
- Discover the flow of information over the financial reporting process, to identify gaps in compliant information access or usage that may result in material misstatements of financial position.
- Provide automated alerts to guide information handling and ensure that all participants in the financial reporting process are aware of proper information handling.
- Protect financial data from access and modification by unauthorized users, to preserve data integrity.
- Prevent loss or leakage of intellectual property by improper disclosure, to preserve confidentiality.
- Control the communication of financial information over e-mail and other communications channels.
- Grant authorized users the access and editing rights to specific data in a spreadsheet, while locking down other areas.
- Automatically retain financial records and spreadsheet updates, and archive copies for future audits.
- Automate information handling procedures to reduce errors and improve process timeliness.
- Dynamically provision and de-provision access and usage.
- Create detailed logs and audit trails of information access and usage to track access and alteration of financial information. Report in a format that can be easily stored, viewed, and imported into other enterprise systems.
- Report on effectiveness of company-level (entity-level) internal information controls, which correspond to the components of the COSO framework.
- Support compliance activities without changing the way users work.