With all the talk this year being about the introduction of the GDPR, it’s understandable that other compliance mandates take a back seat. One such casualty of this focus is SOX compliance.
SOX (or the Sarbanes-Oxley Act) has been around since 2002 and was put into place to protect shareholders and the general public from accounting errors and fraud, as well as improving the disclosure of corporate, enterprise disclosures. Also known as the “Corporate and Auditing Accountability and Responsibility Act”, the compliance regulation requires organizations to regularly audit and keep records of changes made to their IT infrastructure.
Because it’s been around for such a long time, companies have got very well attuned to meeting this compliance, with spending and time taken meeting the requirements reducing year on year.
However, the last year years have bucked this trend, with both spending and time spent on SOX compliance audits increasing in both 2016 and 2017. In fact, a Protiviti report undertaken in 2017 (“Fine Tuning SOX costs, Hours and Controls”) suggests that over 60 percent of organizations have been concentrating more time and money on SOX compliance than previous years.
This could be due to a number of reasons, but perhaps the most probably reason is that the US Public Company Accounting Oversight Board tend to be getting stricter and issuing harsher punishments to auditors for non-compliance and general audit violations. Another potential reason is that all the talk this year and in 2017 has been about the GDPR, and specifically how the GDPR will affect companies in the USA. But, even if a lot of your efforts are going towards getting ready for the GDPR, you can’t allow yourself to forget about SOX compliance audits.
SOX Compliance Auditor
Satisfying SOX compliance audits doesn’t have to be difficult or expensive. Nowadays, many of the SOX compliance audit software on the market is affordable and easy to use. For example,
LepideAuditor enables you to monitor all the changes taking place in your organization’s key IT infrastructure, including Active Directory, Group Policy, Office 365, File Server, Exchange, SQL and SharePoint Server. Pre-defined reports and a single log for a single change help to reduce the amount of time it takes to produce satisfactory audit reports. What’s more, the auditing solution works continuously and proactively in the background, monitoring, recording and reporting on changes as they take place.
Much of this compliance can be met through the auditing of users and groups that interact with financial data. Any changes to the configurations of users can be reported on in real-time using LepideAuditor, including changes made to the permissions of users. Any changes to group memberships and groups themselves can also be audited to ensure that no users are accidentally given full administrative privileges when there are not required.
If you want an easier and quicker way to meet SOX compliance, call one of our product specialists to discuss how LepideAuditor can help. Alternatively, you can start your 15-day free trial today and see the solution up and running in your environment.