IPLocks and SOX Compliance

The Sarbanes-Oxley Act of 2002, commonly referred to as SOX, was passed as a direct result of corporate fraud and fiscal mismanagement at major companies such as Enron and WorldCom. Significant internal control failures associated with financial statements resulted in billions of dollars in corporate and investor losses.

As a result, SOX and other compliance regulations have emphasized the importance of securing and auditing financial data. Since accounting and financial software packages rely on databases such as Oracle and DB2 to store data, that means tighter internal controls around those database are required.

Challenges many organizations are facing

• Investments in internal controls over financial reporting are keeping you compliant but tangible benefits to the business are difficult to define
• Internal and external audit costs are continuing to rise; year three SOX efficiencies are not being realized
• IT teams are focused on generating audit reports instead of strategic IT initiatives between September and December

What the "experts" are recommending

• For improving business benefit
  • Focus your internal controls on key financial transactions and data
  • Look for opportunities to leverage automated controls that are more reliable and less expensive to test than manual controls
  • Controls monitoring improves effectiveness throughout the year
• For reducing compliance costs and IT resource strain
  • Implement controls that run reports continuously throughout the year, identifying and resolving issues early
  • Automate financial reports providing auditors with data generated throughout the year, verifying that controls were properly implemented.

IPLocks fits into your organization today

• Works with your existing databases; no changes to your applications are required
• Scalable to your future IT needs; use the features that meet your needs today, leverage other IPLocks functionality later
• Provides audit reporting templates that are based on auditor feedback; use as is or customize
• Implementing IPLocks is quick and easy

While compliance is mandated, where do you start? Implementing a solution requires careful coordination among all operating units and technology teams ensuring required security measures leave little room for hackers, viruses or malicious users. In addition, companies need to consider budget and resources for implementing new compliance controls.

Defining the Scope for Compliance

Section 404 of Sarbanes-Oxley (SOX) demands controls for people, process, and technology. The temptation for management to wait until the end of the year to begin compliance program often leaves companies under estimating the amount of time and appropriate resources required for testing. Considering the process a year-end program, instead of a year-round program leaves no time for testing and assessing that individual controls are effective or to remediate any issues and retest if necessary.

The areas that must be considered for ensuring compliance include:

• SOX Compliance and Financial Reporting
• Internal IT Controls
• Database Security

IPLocks provides those controls from the database perspective, where your most critical financial data is, enabling businesses to implement key controls that SOX compliance auditors need to see.

For more information, you can contact IPLocks directly at iplocks-sales@iplocks.co.jp or by calling +81-50-3786-6911.