top of page
  • Writer's picturesushma jain


Updated: Oct 31, 2022

United States in 2002 legislated Sarbanes- Oxley Act (SOX) to protect the Shareholders and general public from accounting errors and fraudulent practice in the enterprises, and to improve the accuracy of corporate governance and accountability, in light of the financial scandals that occurred at Enron, Tyco, WorldCom and among others.

All public companies from US or raising funds from US have to now must comply with SOX, both on the financial side and on the IT side. The way in which IT departments store corporate electronic records changed as a result of SOX. While the act does not specify how a business should store records or establish a set of business practices, it does define which records should be stored and the length of time for the storage.

To comply with SOX, corporations must save all business records, including electronic records and electronic messages, for “not less than five years.”

Consequences for noncompliance include fines or imprisonment, or both.

The SOX set out reforms and additions in four principal areas:

1. Corporate responsibility

2. Increased criminal punishment

3. Accounting regulation

4. New protections

The Objectives - SOX

a) Improvement in quality & transparency in financial reporting.

b) Independent audit & accounting services for the listed companies.

c) Creation of Public Accounting Oversight Board.

d) Increased corporate responsibility.

As per Section 302 of the SOX Act of 2002, which mandates that senior corporate officers personally certify in writing that the company's financial statement "comply with SEC disclosure requirements and fairly present in all material aspects the operations and financial condition of the issuer." Officers who sign off on financial statements that they know to be inaccurate are subject to criminal penalties, including prison terms.

As per Section 404 of the SOX Act of 2002 requires that management and auditors establish internal controls and reporting methods to ensure the adequacy of those controls. Some critics of the law have complained that the requirements in Section 404 can have a negative impact on publicly traded companies because it's often expensive to establish and maintain the necessary internal controls.

As per section 802 of SOX, three rules of management of electronic records. Which are as follows:-

1. This rule concerns the destruction, alteration, or falsification of records and the resulting penalties.

2. A rule that defines the retention period for record storage, best practice suggest corporations securely store all business records using the same guidelines as public accountants.

3. This rule outlines the type of business records that need to be stored, including all business records, communications, and electronic communications.


We should have in place the correct security controls in place to ensure that financial data is accurate and protected against loss. Developing best practices and relying on the appropriate tools helps businesses automate SOX compliance and reduce SOX management costs.

Data classification tools are commonly used to aid in addressing compliance challenges by automatically spotting and classifying data as soon as it is created and applying persistent classification tags to the data.

Section 906 – Written statement/ certificate from CEO & CFO

Section 906 mandatory requires a written statement to be submitted by CEO & CFO.

This certificate is to be submitted on periodic basis, that is its linked to when the results are declared or periodic reports are submitted.

Contents of Written Statement:-

“Shall Certify that the periodic report containing the financial statements fully complies with the requirements of section 13(a) or section 15 (d) of the Securities Exchange Act 1934 and the information contained in the periodic report fairly presents, in all materials respects, the financial condition and results of the operations of the issuer”.

It’s paragraph “(c)” in section 906 where penalties for violations are recorded. These penalties are for either;

1. Knowingly certifying a report that does not “comport” with the requirement of section 906

2. Willfully certifying a report that does not “comport” with the requirement of section 906

The fine for a knowing violation will be “not more” than $1,000,000 or imprisoned “not more” than 10 years in prison, or both. A willful violation is significantly more costly at “not more” than $5,000,000 or 20 years in prison, or both.

In similar manner, In India also we have laws which take care of this, In Companies Act 2013, Securities and Exchange Board of India (Prohibition of Insider Trading) Regulations, 2015, Compliance report on Corporate Governance by Listed Entities.

The Companies Act, 2013, now requires auditors to also opine on whether a company has an adequate internal financial controls (IFC) system in place and the operating effectiveness of such controls. This is in addition to the existing audit opinion on financial statements.

Companies Act, 2013: Section 134(5)(e) explains internal financial controls as the policies and procedures adopted by the Company for ensuring the orderly and efficient conduct of its business , including adherence to Company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records and the timely preparation of reliable financial information. Section 143(11) of 2013 Act requires that the auditor’s report of specified class of companies should include a statement on prescribed matters.

Choose from 8 stunning layouts

Your Wix Blog comes with 8 beautiful layouts. From your blog's settings, choose the layout that’s right for you. For example, a tiled layout is popular for helping visitors discover more posts that interest them. Or, choose a classic single column layout that lets readers scroll down and see your post topics one by one.

Every layout comes with the latest social features built in. Readers can easily share posts on social networks like Facebook and Twitter and view how many people have liked a post, made comments and more.

Add media to your posts

When creating your posts you can:

  • Upload images or GIFs

  • Embed videos and music

  • Create galleries to showcase a media collection

Customize the look of your media by making it widescreen or small and easily align media inside your posts.

Hashtag your posts

Love to #hashtag? Good news!

You can add tags (#vacation #dream #summer) throughout your posts to reach more people. Why hashtag? People can use your hashtags to search through content on your blog and find the content that matters to them. So go ahead and #hashtag away!

1 view0 comments

Recent Posts

See All
bottom of page