Sarbanes-Oxley Act (SOX) Compliance: Database Security and Automation


Added on  2022/12/20

AI Summary
This report analyzes the Sarbanes-Oxley Act (SOX) and its requirements for data source integrity in financial transactions. It explores how logging and separation of duties contribute to SOX compliance, emphasizing the importance of technical controls and internal controls like COSO and ISO. The report details the role of logs in detecting system problems and the necessity of IT security frameworks and database auditing for compliance. It also examines how database auditing, active directory, and automation can be utilized to meet SOX frameworks, covering access control, monitoring, and change management. The report highlights the consequences of non-compliance and the role of external auditors in ensuring financial accuracy.
Running head: Sarbanes-Oxley Act 1
Sarbanes-Oxley Act
Student Name
Institutional Affiliation
Sarbanes-Oxley Act
How do logging and separation of duties help to comply with SOX?
The Sarbanes-Oxley Act sets out the requirements for the integrity of the data sources
behind financial transactions, including all disclosures. Meeting them usually requires
technical controls to be implemented, and usually requires the installed applications to
support auditing, which increases the reliability of the data on financial transactions.
It is therefore the duty of every organization to implement systems that establish
internal controls. Good examples are the implementation of COSO, ISO and CobiT, among
others. Most logs contain the fundamental information needed to reconstruct user
activity: login failures and successes, system-level activity such as write, read and
delete operations, and the management of specific accounts (Walsh, 2018). When the logs
are well monitored, existing problems in the system are easy to detect by following the
log trail during a forensic investigation.
Organizations should have logging and IT security frameworks, as well as backups for
their systems, to ensure that they comply with the SOX regulations. Publicly traded
companies must submit annual reports to the Securities and Exchange Commission. Failing
to comply with SOX leads to penalties, removal from exchange listings, and imprisonment
of the officers. The officers found responsible for misappropriation of the financial
information are the ones charged. A SOX audit requires a review of the organization's
financial records; past financial statements are checked by the external auditors to
ensure their accuracy. The external auditors determine whether the organization's
financials have passed or failed.
How might database auditing and monitoring be utilized in SOX compliance?
Active Directory is used to give administrators regular access rights to the system,
which makes authentication and authorization convenient. It provides adequate control
over access permissions across the organization's network. In addition, it offers audit
logs in a central repository, which are used to track every attempt by end users to
access resources. The external auditors determine whether the organization's financials
have passed or failed. Any deviation over 5% raises concerns ("SOX Compliance | IT Security
and Compliance Guide - BMC Software," 2016).
How can a DBA use automation to comply with SOX frameworks?
Likewise, a SOX audit of the internal controls looks at the following areas. It examines
access: how data centers and servers are monitored and whether they are in secure
locations. This is usually done by testing the monitoring alongside the passwords, and by
checking whether the principle of least privilege is implemented. It also examines whether
backup policies are in place, and it examines change management by checking the process
for updating or installing new software, additions of users or workstations, Active
Directory database changes, and so on.
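
One way a DBA might automate the separation-of-duties and change-management checks described above, as an added example that is not part of the original report. It runs over a constructed audit log held in SQLite; the table names, action names and the approval-ticket scheme are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data: table layout, users and tickets are assumptions
# made for this example, not taken from any real audit product.
AUDIT_ROWS = [
    # (event_id, ts, actor, action, object, ticket)
    (1, "2022-12-01T09:00:00", "alice", "LOGIN_FAILURE", "finance_db", None),
    (2, "2022-12-01T09:00:05", "alice", "LOGIN_SUCCESS", "finance_db", None),
    (3, "2022-12-01T09:10:00", "alice", "ALTER_TABLE", "gl_entries", "CHG-1"),
    (4, "2022-12-01T10:00:00", "bob", "GRANT", "gl_entries", "CHG-2"),
    (5, "2022-12-01T11:00:00", "carol", "DELETE", "gl_entries", None),
    (6, "2022-12-01T11:30:00", "dave", "READ", "gl_entries", None),
]
APPROVALS = [("CHG-1", "bob"), ("CHG-2", "bob")]  # (ticket, approver)
# Assumption: these actions count as changes that need an approved ticket.
CHANGE_ACTIONS = ("ALTER_TABLE", "GRANT", "DELETE", "CREATE_USER")

def load(rows=AUDIT_ROWS, approvals=APPROVALS):
    """Build an in-memory database holding the audit log and approvals."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE audit_log(event_id INTEGER PRIMARY KEY, ts TEXT,"
               " actor TEXT, action TEXT, object TEXT, ticket TEXT)")
    db.execute("CREATE TABLE approvals(ticket TEXT PRIMARY KEY, approver TEXT)")
    db.executemany("INSERT INTO audit_log VALUES (?,?,?,?,?,?)", rows)
    db.executemany("INSERT INTO approvals VALUES (?,?)", approvals)
    return db

def review(db):
    """Return {event_id: finding} for change events that break a control."""
    marks = ",".join("?" * len(CHANGE_ACTIONS))
    sql = f"""
        SELECT a.event_id,
               CASE WHEN p.ticket IS NULL THEN 'change without approval'
                    WHEN p.approver = a.actor THEN 'actor approved own change'
               END AS finding
        FROM audit_log a LEFT JOIN approvals p ON p.ticket = a.ticket
        WHERE a.action IN ({marks})
          AND (p.ticket IS NULL OR p.approver = a.actor)
        ORDER BY a.event_id"""
    return dict(db.execute(sql, CHANGE_ACTIONS).fetchall())

if __name__ == "__main__":
    for event_id, finding in review(load()).items():
        print(event_id, finding)
```

A change that cites a ticket with no matching approval row is reported the same way as a change with no ticket at all, so a mistyped or invented ticket number does not pass the check.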
References
Sarbanes-Oxley (SOX) Audit Requirements. (2017). Retrieved from https://www.sarbanes-oxley-101.com/sarbanes-oxley-audits.htm
SOX Compliance | IT Security & Compliance Guide - BMC Software. (2016, September 23). Retrieved from https://www.bmc.com/guides/security-sox-compliance.html
Walsh, K. (2018, April 11). An Automated Approach To SOX Testing. Retrieved from https://reciprocitylabs.com/an-automated-approach-to-sox-testing/