Network Security and Sarbanes-Oxley: Companies Must Have Proper Internal Controls Over Data
 
June 21, 2004
 
Roz Allen - Washington

Congress enacted Sarbanes-Oxley in the aftermath of a substantial number of high-profile accounting scandals that started to emerge in 2001. The stated objective of Sarbanes-Oxley is to restore the public’s confidence in corporate governance. A provision of that law requires CEOs and CFOs of publicly-traded corporations to attest that their companies have “proper internal controls.”

An important element of maintaining proper internal controls is to ensure that networks collecting and storing data are reliably protected against corruption and unauthorized access. While Sarbanes-Oxley does not mandate use of specific technologies, policies or procedures for maintaining the security and integrity of corporate data, it is very difficult for the highest levels of corporate management to attest that proper internal controls are in place absent independent assurance of robust and secure IT networks. It also goes without saying that, absent appropriate risk management processes, a corporation remains vulnerable to charges of inaccurate reporting to its shareholders and governmental authorities. Reporting quality is only as good as the data it is based on. Sarbanes-Oxley therefore provides yet another compelling reason for companies to make it a priority to establish comprehensive policies, practices and procedures for reliably securing its data and ensuring that collection, sharing and use of its data are compliant with federal, state and international laws.

For more information, e-mail either Lance Myers at lance.myers@hklaw.com or Roz Allen at rosalind.allen@hklaw.com or call toll free, 1-888-688-8500.