SOX affects all publicly traded companies and public accounting firms, but any private companies with the potential to go public also need to understand and comply with the act’s requirements. Let Access help.
Section 404 of SOX specifically outlines the requirements to develop a records management program that ensures financial data is retained for the proper time periods. To maintain compliance, the program must take into account all of the federal and state regulations that govern records retention, in addition to SOX. Furthermore, it must also encompass all physical and digital information, including web pages, emails, voice mails, recorded calls and microfilm or microfiche records.
Public corporations must take into account that stored records and information must be easily accessible for reviews and audits. Records that are difficult to retrieve will create compliance issues and may result in fines or penalties.
While documents that have surpassed their retention requirements can be securely destroyed and disposed of, SOX requires that the records management program include a legal hold process to suspend this procedure. This means that the destruction process must cease immediately upon notification of legal action, or upon the anticipation of any foreseeable litigation.
The Sarbanes-Oxley Act was developed to safeguard the financial records of public corporations and accounting firms, in order to protect the company’s shareholders and the general public. The safeguards are designed to prevent accounting errors and fraudulent practices, as well as to improve corporate disclosures. For instance, SOX makes it a federal crime to destroy or tamper with any corporate accounting records.
While the act concentrates on the documentation, control processes and retention of financial data, all information and records that support financial statements must be accurately documented and available for review by auditors.