Ensuring Transparency of Corporate Financial Operations
Accurate and Verifiable Corporate Disclosures
The Sarbanes-Oxley Act of 2002 (SOX) is a federal law that sets a list of requirements for all U.S. publicly-traded company boards, management, and public accounting firms. The purpose of the legislation is to improve the accuracy and reliability of corporate disclosures.
Executive Responsibility, Corporate Audits
Sections 302 (“Corporate responsibility for financial reports”) and 404 (“Management assessment of internal controls”) are of particular interest to information professionals. 302 holds CEO and CFOs personally responsible for disclosure accuracy, while 404 requires corporations to have their internal controls audited and reported annually to the SEC.
Real-Time Notification of Unusual Activity
Cygna Auditor's built-in and custom alerting notifies you of unusual activity such as scripted permission changes, or mass file updates typical of ransomware.
Monitor Relevant Group Membership
Review and keep secured system access to a minimum with Cygna Auditor's group reports that show membership of secured system users and administrators.
Monitor Secured System Permissions
Keeping group membership current is only half the battle – you must ensure that permissions on secured systems stay the way they were intended. Cygna Auditor's permissions reports enable you to be sure access is correct.
Monitor Activity on Secured Systems
Cygna Auditor monitors all successful and failed data activity such as file or folder creation, access, updates, deletions, who made the changes and when they were made.
Examples of Addressed SOX Compliance Requirements
The Information Technology Governance Institute (ITGI) has used COSO and COBIT frameworks to create a set of specific IT control objectives for SOX. The requirements below are an example of COSO / COBIT recommendations that apply to Cygna Auditor.
AI3.2 Infrastructure Resource Protection and Availability
AI6.5: Change Closure and Documentation
AI7.7: Final Acceptance Test
DS3.5: Monitoring and Reporting
DS4.3: Critical IT Resources
DS5.3: Identity Management
DS5.5: Security Testing, Surveillance and Monitoring