What is SOX?
The Sarbanes-Oxley Act came into being in 2002. It is abbreviated to, and more popularly referred to as, SOX. The legislation was passed in response to the huge financial scandals at WorldCom and Enron. The Act is administered by the SEC (Securities and Exchange Commission), which is responsible for regulatory compliance and also publishes the rules on its requirements. SOX neither prescribes any set of business practices nor specifies the manner in which a business is expected to store its records. However, SOX does stipulate the type of records to be stored and how long they must be kept.
Purpose of SOX
The purpose of SOX is to protect shareholders and the general public from fraudulent practices and accounting errors in enterprises. SOX aims to improve the reliability and accuracy of corporate disclosures. The Act established new standards for corporate accountability and new penalties for corporate wrongdoing. It has changed the way executives and corporate boards interact with each other as well as with corporate auditors. SOX eliminates the defense of CFOs and CEOs claiming to be unaware of financial issues.
SOX does not just hold the financial side of corporations accountable; it also applies to the IT departments that store an organization's electronic records. The Act stipulates that all business records, including electronic messages and electronic records, must be saved for a period of at least five years. Where there is non-compliance with the requirement, the consequences can take the form of fines, imprisonment or both. The Act has subsections covering the maintenance of electronic records in terms of manipulation, retention period and type of records.