Sox-GBLA-OCC & remediation


Created in response to the accounting scandals that occurred at major corporations in 2001 and 2002, SOX requires that publicly-traded companies ensure their internal business processes are properly monitored and managed. This includes having an outside auditor certify the accuracy of financial statements and conducting an annual assessment of internal controls relating to the security of critical data, particularly financial information.

SOX include several major provisions, but two specifically stipulate that public companies ensure their business processes are maintained within an adequate internal control structure. Section 302 of the Act mandates a set of internal procedures designed to ensure accurate financial disclosure. Under Section 404 of the Act, management is required to produce an adequate internal control report as part of each annual Exchange Act report. The outside auditors must confirm management's internal control assessment.

Because financial reporting processes are driven by IT systems, it’s necessary that IT plays a vital role in internal control and ensures the security, accuracy and reliability of these systems to manage and report financial data. The Securities and Exchange Commission (SEC) has identified five areas that need to be addressed to meet SOX internal control requirements and support compliance, two of which are risk assessment and monitoring. Risk assessment involves understanding the areas of risk affecting the completeness and validity of financial reports by examining how the company's systems are being used. Monitoring entails scheduling regular internal audits by IT personnel and audits performed by personnel outside the organization.

Gramm-Leech Bliley Act (GLBA) ComplianceHow ABMCG Helps

The GLBA became fully effective on July 1, 2001. The law applies to banks, brokerage firms, tax preparation companies, insurance companies, consumer credit reporting agencies and a wide variety of other financial services firms. Violations of the GLBA may result in a fine of up to $100,000 dollars and 5 years in jail. The primary focus of the GLBA is the protection of customer’s personal financial information.

Regulated organizations must insure the security and confidentiality of customer records and information and the law requires that access to all customer records be meticulously controlled to prevent substantial harm or inconvenience to customers.

Complying With the Office of the Comptroller of the Currency Advisory Letter (OCC)How ABMCG Helps

On June 14, 2004 the OCC Advisory sent out a letter highlighting issues regarding Electronic Record Keeping in light of the E-SIGN Act. 15 USC 7001. The letter addressed key issues posed by electronic record keeping systems. The OCC Advisory letter stated that banks should implement an electronic record retention system to allow litigation, audits, bank supervision, and compliance with laws & regulations. Systems should also prevent external access by third parties, and provide back-up, internal controls, record destruction, and record retention.

How ABMCG Helps

If your company is publicly-traded, ABMCG can assist you with achieving SOX/GLBA/OCC IT security compliance by scanning the enterprise to locate areas of risk in your systems and networks and monitoring your environment. A comprehensive risk assessment report is provided detailing any areas of risk discovered, along with outlined steps for remediation.

Additional Information

If you would like additional information on Services/Industries Solutions or other ABMCG solutions or services, please contact us