The Sarbanes–Oxley Act requires businesses to provide greater assurance in their governance and control processes. Its coverage includes board responsibilities, auditor independence, corporate governance, financial disclosures and internal controls and the assurance around them.
Section 404 details the requirements on internal controls and the way in which they are operated, audited or assured.
For many businesses, implementation and compliance can be costly, as traditional manual controls are difficult to document and test; hence there has been significant investment in centralisation, automation and process/control assurance. Although focussed primarily on financial controls and systems, the requirements almost immediately overlap into the technical security-related areas of system monitoring, identity and access management and fraud/misuse/anomaly detection.
There is also a linkage to the COSO-defined framework (http://www.coso.org) that defines the internal control processes and recognises the importance of top-down risk assessment and management.
Huntsman forms a key part of the security and risk monitoring environment that businesses need to comply fully with SOX requirements. It takes on oversight, monitoring and reporting in a centralised way that enables alerting on defined risk patterns and anomalies (like fraudulent user activity), and provides real-time compliance information and simplified, automated reporting.
Centralisation and Automation
It has been noted that “SOX 404 compliance costs represent a tax on inefficiency, encouraging companies to centralize and automate their systems”. Huntsman can help businesses reduce these costs by doing just that.