Sarbanes-Oxley (SOX) compliance: no longer “just” for big companies

Increasingly, smaller businesses are being held to higher and higher standards. These standards are NOT just for smaller businesses. [Image: Senator Sarbanes]
Last week, I wrote about the legal demands for data retention and why you need a backup strategy.
WithumSmith+Brown Global Assurance (WS+B GA) offers a few practical pointers on becoming SOX compliant.
The list of common compliance gaps, compiled by Executive Vice President Sumit K. Pal, includes:
The lack of proper scoping of applications relevant to Internal Controls (for the regulatory compliance involved).
No proper segregation of duties among IT teams.
The exclusion of IT staff from the compliance project team from the outset of the compliance process.
The absence of a comprehensive, high-level IT strategy that is synchronized with the overall business strategy, along with detailed IT plans, procedures and process documentation.
No adequate patch management procedures for the network and operating system(s), and no adequate upgrade procedures for the software applications in use.
Change management procedures that fail to adequately reflect application and infrastructure changes in the organization.
Of course, if you’re a one-woman shop in Texas, you don’t have much to worry about. However, the 50-person company in Virginia just might.
Remember, even if many of these laws do not impact your business, you might want to consider implementing the policies for one of two reasons: a) as you grow, you’ll be prepared; b) many of the things these rules force you to do are good business practices anyway.
Read up on SOX on Wikipedia.