Sarbanes-Oxley Act (SOX)
What is Sarbanes-Oxley Act (SOX)?
Sarbanes-Oxley Act (SOX): U.S. federal law from 2002 that imposes governance, internal-control, and reporting requirements on publicly traded companies to protect investors.
The Sarbanes-Oxley Act of 2002 (SOX) was enacted by the U.S. Congress after the Enron and WorldCom accounting scandals to restore confidence in financial reporting. It applies to SEC-registered issuers (U.S. and foreign companies listed on U.S. markets) and to their external auditors, and imposes governance, certification, and internal-control requirements. Section 302 requires the CEO and CFO to personally certify each quarterly and annual report; Section 404 requires management to assess the effectiveness of internal control over financial reporting (ICFR) every year and, for accelerated and large accelerated filers, requires the external auditor to attest to that assessment (smaller non-accelerated filers are exempt from the auditor attestation, not from the management assessment). Because financial data flows through ERP, ledger and reporting systems, IT general controls (ITGCs) over those systems underpin the ICFR opinion: logical access and segregation of duties, change management for code and configuration, IT operations such as backup and job scheduling, and audit logging that lets a tester show who changed what and when. The law is enforced by the SEC, while the Public Company Accounting Oversight Board (PCAOB), which SOX itself created, sets auditing standards and inspects the auditors.
● Examples
- 01
A NYSE-listed company performing annual SOX 404 testing of ERP application controls.
- 02
An external auditor issuing an opinion on ICFR for a Fortune 500 issuer.
● Frequently asked questions
What is Sarbanes-Oxley Act (SOX)?
U.S. federal law from 2002 that imposes governance, internal-control, and reporting requirements on publicly traded companies to protect investors. It belongs to the Compliance & Frameworks category of cybersecurity.
What does Sarbanes-Oxley Act (SOX) mean?
U.S. federal law from 2002 that imposes governance, internal-control, and reporting requirements on publicly traded companies to protect investors.
How do organizations comply with the Sarbanes-Oxley Act (SOX)?
SOX is a law, not a threat, so there is nothing to "defend against"; the work is demonstrating compliance. Organizations scope the systems that feed financial reporting, document the application controls and IT general controls (access management, change management, backup and operations, logging) around them, test those controls each year, remediate any deficiencies, and retain the evidence for management's Section 302 certifications and the Section 404 assessment and audit, as detailed in the full definition above.
What are other names for Sarbanes-Oxley Act (SOX)?
Common alternative names include: Sarbanes-Oxley, SOX.