SOX Laws Relevant for SAP Security Professionals

The Sarbanes-Oxley Act (SOX) is a set of sections (guidelines) that publicly traded companies in the US need to adhere to. They are designed to make sure that the company conducts its activities in a systematic manner, to minimise the risk of fraud, and to bring in accountability.

Sections 302 and 404 are the main sections relevant to SAP internal auditors and security administrators.

Section 302
It relates to the disclosure of financial reports by the CEO/CFO on a quarterly basis. They need to certify that all the information provided is correct, and they own responsibility for any false doings.

Section 404
It relates to disclosure by management that the required internal controls have been put in place, and disclosure of the internal controls adopted. It also requires the attestation of the external auditors' report on the internal controls and their effectiveness and weaknesses.

Section 301 and 409 also have some relevance.

Section 301:
It relates to the responsibility of the company's auditing team to put the required controls in place for the company's employees to anonymously and confidentially submit their concerns regarding any questionable accounting and auditing procedures in place.

Section 409:
It refers to disclosure by the audit committee of the company to the public about any financial or operational changes, in a way that is easily understandable to the public.
