The Sarbanes Oxley Act :: View topic - Couple of basic questions on the Sarbanes-Oxley Act
Posted: Sun Mar 25, 2007 4:02 pm Post subject: Couple of basic questions on the Sarbanes-Oxley Act
The first sentence of this site says 'The Sarbanes-Oxley Act of 2002 is mandatory. ALL organizations, large and small, MUST comply.'
With all organizations, does this page mean all organizations or all organizations with the following requirements:
Listed at the New York Stock Exchange or belonging to such an organization
A market capitalization of $75 million
Any organization that audits said listed organization
Did I miss any requirements?
And as for the large and small, is there a certain deadline where those organizations must comply with SOx? I get the idea that mostly larger organizations have complied with SOx while the smaller ones are "lagging" behind. Mainly due to the implementation costs of SOx. Been using the search function but it's a bit confusing with overseas/foreign and extending deadlines etc.
As for abbreviation issues, is it OK to refer to it as SOx, SOX, SOA (this one is conflicting with at least 2 definitions actually) or Sarbox/SarbOx?
Thank you for the help in advance,
Seiruu
Edit 1: Thank God you can edit the topic title, it would have been quite embarrassing for me otherwise :p
Joined: Jan 12, 2006 Posts: 849 Location: Roanoke, Virginia
Posted: Tue Mar 27, 2007 8:49 am Post subject:
Hi Seiruu and welcome to the forums. I'm more on the IT side, so I'll share links rather than specific advice, as it's important to thoroughly research compliancy requirements specifically for your company in detail.
The following links might be helpful in delineating requirements between large and small company compliance criteria:
Direct URL links in the forums aren't allowed, and please copy and paste these to your browser:
General Internet Search - Several good links here. Please paste to browser and add www
google.com/search?hl=en&q=which+companies+need+to+comply+with+Sarbanes-Oxley
Wikipedia - Excellent Resource. Please paste to browser and DO NOT add www
en.wikipedia.org/wiki/Sarbanes-Oxley_Act
Official SEC rules. Please paste to browser and add www
sec.gov/rules/final/33-8238.htm
Official SEC rules - Section "H" discusses company requirements. Please paste to browser and add www
sec.gov/rules/final/33-8238.htm#iih
SOX 101 site - One of my favorites for easy-to-understand explanations
sarbanes-oxley-101.com/sarbanes-oxley-faq.htm
Quote:
What companies need to comply with Sarbanes-Oxley?
All publicly-traded companies in the United States, including all wholly-owned subsidiaries, and all publicly-traded non-US companies doing business in the US are affected. In addition, any private companies that are preparing for their initial public offering (IPO) may also need to comply with certain provisions of Sarbanes-Oxley.
When did Sarbanes-Oxley compliance take effect?
All parts of the Sarbanes-Oxley Act with the exception of Section 409 are effective now. For Section 404, public companies with a market capitalization over US $75 million needed to have their financial reporting frameworks operational for their first fiscal year-end report after November 15, 2006, then for all quarterly reports thereafter. For smaller companies, compliance is required for the first fiscal year-end financial report, then for all subsequent quarterly financial reports after July 15, 2006.
Thank you very much, I will look into them. Especially the FAQ 101 thing was new to me. It's not entirely up to date I think, as I did read a recent article on SEC pushing the deadline for small businesses back to middle 2007? Something like that anyway.
Also, I was wondering if there are any widely recognized/established "Best Practices" for SOX compliance for bigger and smaller organizations?
Joined: Jan 12, 2006 Posts: 849 Location: Roanoke, Virginia
Posted: Tue Mar 27, 2007 11:42 am Post subject:
Seiruu wrote:
... FAQ 101 thing was new to me. It's not entirely up to date I think, as I did read a recent article on SEC pushing the deadline for small businesses back to middle 2007? Something like that anyway
Yes - The FAQs may need some updating, as I saw on the SOX 101 news site more info related to smaller companies.
SOX 101 - News site. Please paste to browser and add www
sarbanes-oxley-101.com/sarbanes-oxley-news.php
Small Companies Play the Sarbanes-Oxley Waiting Game. No www needed - please paste to browser
prweb.com/releases/2007/3/prweb513381.htm
Seiruu wrote:
... if there are any widely recognized/established "Best Practices" for SOX compliance for bigger and smaller organizations?
Many audit firms use COSO and COBIT as "measurements" for SOX compliancy. COBIT 4.0 as a framework for IT standards (SOX 404) and COSO for the financial controls framework.
Trademarks referenced on the SOX Act Forum are property of their respective owners. Comments are property of their respective posters. Sarbanes-Oxley Act Implementation Portal: Sarbanes Oxley compliance, information, software, & internal audit committee resources. Sarbox. Site source is copyright nuke (c)2003, and is Free Software under the GNU / GPL licence agreement. All Rights Are Reserved.