Sarbanes Oxley Act PENALTIES

Sarbanes Oxley Act

The Sarbanes–Oxley Act of 2002 (Pub.L. 107-204, 116 Stat. 745, enacted July 30, 2002), also known as the 'Public Company Accounting Reform and Investor Protection Act' (in the Senate) and 'Corporate and Auditing Accountability and Responsibility Act' (in the House) commonly called Sarbanes–Oxley or SOX, is a United States federal law enacted on July 30, 2002, which set new and enhanced standards for all U.S. public company boards, management and public accounting firms.

The bill was enacted as a reaction to a number of major corporate and accounting scandals including those affecting Enron, Tyco International, Adelphia, Peregrine Systems, and WorldCom. These scandals, which cost investors billions of dollars when the share prices of affected companies collapsed, shook public confidence in the nation's securities markets.

The Sarbanes-Oxley (SOX) Act of 2002 legislates the duration and method in which financial companies must store records. SOX safeguards against accounting errors and financial fraud. SOX specifically states that records, including email, instant messages, and other data files must be saved for at least "no less than seven years". This allows financial regulators to easily audit transactions and email communications.

Sarbanes Oxley on data retention and information security:The act contains 11 titles, or sections, ranging from additional corporate board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the new law. The titles also describe specific mandates and requirements for financial reporting. Title 11, summarized below, pertains to data management, backup, and recovery:

Length of Record Retention:The Board shall (1) register public accounting firms; (2) establish, or adopt, by rule, "auditing, quality control, ethics, independence, and other standards relating to the preparation of audit reports for issuers;" "The Board requires registered public accounting firms to "prepare, and maintain for a period of not less than seven years, audit work papers, and other information related to any audit report, in sufficient detail to support the conclusions reached in such report."

Any accountant who conducts an audit of an issuer of securities to which section 10A(a) of the Securities Exchange Act of 1934 (15 U.S.C 78j-1(a)) applies, shall maintain all audit or review work papers for a period of 5 years from the end of the fiscal period in which the audit or review was concluded.

OffsiteDataSync Ensures Compliance By:

Type of Business Records and Electronic Communications Requiring Storage: Sec. 802(a)(2)The Securities and Exchange Commission shall promulgate, within 180 days, such rules and regulations are as reasonably necessary, relating to the retention of relevant records such as work papers, documents that form the basis of an audit or review, memoranda, correspondence, communications, other documents, and records (including electronic records) which are created, sent, or received in connection with an audit or review, and contain conclusions, opinions, analyses, or financial data relating to such an audit or review.

OffsiteDataSync Ensures Compliance By:

Production of Records: Section 105(b)(2)(B)Requires the production of audit work papers and any other document or information in the possession of a registered public accounting firm, or any associated person thereof, wherever domiciled, that the Board considers relevant or material to the investigation, and may inspect the books and records of such firm or associated person to verify the accuracy of any documents, or information supplied.

OffsiteDataSync Ensures Compliance By:

Retention of Complaints: Section 301(4) (A)The receipt, retention, and treatment of complaints received by the issuer regarding accounting, internal accounting controls, or auditing matters.

OffsiteDataSync Ensures Compliance By:

Internal Controls: Section 404(a) (1)State the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting.

OffsiteDataSync Ensures Compliance By:

Record Alteration or Destruction: Section 802(a)Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both

OffsiteDataSync Ensures Compliance By:

Sarbanes Oxley Questions & Answers:

Q: What is the Sarbanes-Oxley Act of 2002?A: Effective in 2004, all public companies will be required (for the first time) to submit an annual assessment of the effectiveness of their internal financial auditing controls to the Securities and Exchange Commission (SEC). Additionally, each company's external auditors are required to audit, and report on the internal control reports of management, in addition to the company’s financial statements.

Q: Why was the Sarbanes-Oxley Act passed?A: The Sarbanes-Oxley Act of 2002, also known as SOX, was passed due to the accounting scandals at Enron, WorldCom, Global Crossing, Tyco and Arthur Andersen, that resulted in billions of dollars in corporate and investor losses. These huge losses negatively impacted the financial markets and general investor trust. The Sarbanes-Oxley Act mandates a wide-sweeping accounting framework for all public companies doing business in the US.

Q: What companies need to comply with Sarbanes-Oxley?A: All publicly-traded companies in the United States, including all wholly-owned subsidiaries, and all publicly-traded non-US companies doing business in the US are affected. In addition, any private companies that are preparing for their initial public offering (IPO) may also need to comply with certain provisions of Sarbanes-Oxley.

Q: What is the Sarbanes-Oxley Act comprised of?A: The Sarbanes-Oxley Act itself is organized into eleven sections, but sections 302, 404, 401, 409, 802, and 906 are the most important in terms of compliance. Section 404 seems to cause the most difficulties for compliance. More specifically, Sarbanes-Oxley established new accountability standards for corporate boards and auditors, established a Public Company Accounting Oversight Board (PCAOB) under the Security and exchange Commission (SEC), and specified civil and criminal penalties for non-compliance.

Q: What does Sarbanes-Oxley compliance require and what are the Sarbanes Oxley retention requirements?A: All applicable companies must establish a financial accounting framework that can generate financial reports that are readily verifiable with traceable source data. This source data must remain intact and cannot undergo undocumented revisions. In addition, any revisions to financial or accounting software must be fully documented as to what was changed, why, by whom, and when.

Q: Does our company have to store data offsite to be Sarbanes Oxley compliant?A: The Sarbanes Oxley Act states that companies must "...maintain all audit or review work papers for a period of 5 years." It does not indicate that this storage must reside offsite however most companies realize that compliance with article 404 of SOX is fully encompassed with the solution provided by OffsiteDataSync.

Q: Why use an offsite data storage company like OffsiteDataSyncIf your data retention solution is compromised or unable to meet "an unaltered 5-year archive period" you are non-compliant and corporate officers are open to litigation, and financial penalties as noted below. OffsiteDataSync offers simple, easy and affordable coverage for complete and automated Sarbanes Oxley Compliance.

Q: What are the penalties for non-compliance with Sarbanes-Oxley?A: Besides lawsuits and negative publicity, a corporate officer who does not comply or submits an inaccurate certification is subject to a fine up to $1 million and ten years in prison, even if done mistakenly. If a wrong certification was submitted purposely, the fine can be up to $5 million and twenty years in prison.

Q: How does OffsiteDataSync help your organization comply with Sarbanes Oxley as it pertains to the storage, traceability, and retrieval of digital information?A: Sarbanes Oxley requires organizations to have adequate internal control structures and procedures for financial reporting as well as maintaining all audit, or review work papers for a period of 5 years. Companies are prohibited from altering, destroying, mutilating, concealing, covering up, or falsifying records. Accordingly, OffsiteDataSync's data retention service provides an auditable and traceable process for managing digital records stored on tape media.