SOX affects all publicly traded companies and public accounting firms, but any private companies with the potential to go public also need to understand and comply with the act’s requirements. Let Access help.
While the act concentrates on the documentation, control processes and retention of financial data, all information and records that support financial statements must be accurately documented and available for review by auditors.
Section 404 of SOX specifically outlines the requirements to develop a records management program that ensures financial data is retained for the proper time periods. To maintain compliance, the program must take into account all of the federal and state regulations that govern records retention, in addition to SOX. Furthermore, it must also encompass all physical and digital information, including web pages, emails, voice mails, recorded calls and microfilm or microfiche records.
Public corporations must take into account that stored records and information must be easily accessible for reviews and audits. Records that are difficult to retrieve will create compliance issues and may result in fines or penalties.
While documents that have surpassed their retention requirements can be securely destroyed and disposed of, SOX requires that the records management program include a legal hold process to suspend this procedure. This means that the destruction process must cease immediately upon notification of legal action, or upon the anticipation of any foreseeable litigation.
Access’s secure records storage, encrypted infrastructure and document destruction solutions can provide the necessary protection, regulatory adherence and indemnification for all publicly traded businesses and accounting firms.