Conduro Ventures
Healthcare Information Security Consultants


SOX Compliance


With over 10 years of expertise behind you, be confident your reporting is reliable, in compliance, and ready for audits.

What is SOX Compliance?

The Sarbanes-Oxley Act of 2002 was created to protect investors from accounting fraud, specifically that which is related to shares sold by publicly traded corporations. The Sarbanes-Oxley Act is a deliberate effort to mandate strict reforms regarding how corporations make financial declarations. This law mandates increased vigilance with regards to disclosures related to the financial state of the company, particularly when it comes to earnings and profitability.

Publicly traded corporations are those that sell shares of stock to private and institutional investors. Thus, there is significant motivation for companies to fraudulently manipulate data to indicate that it is more beneficial to invest in their company rather than that of their competitors.

The system had to be overhauled and regulated to the point that investors could be sure of the reliability of the information released to the general public.

One of the most significant features of the law concerns compliance for electronic records. Aside from data stored and collected through Microsoft Office tools or their equivalent, email messages are also considered as evidence during an investigation. Thus, corporations must be able to produce email messages as well as pertinent electronic data, if requested by investigators.

Provisions of the Sarbanes-Oxley Act (aka SoX, Sarbox or SOA) detail criminal and civil penalties for noncompliance, certification of internal auditing, and increased financial disclosure. It affects public (and private) U.S. companies and non-U.S. companies with a U.S. presence. SOX is all about corporate governance and financial disclosure.

The Sarbanes Oxley Act requires all financial reports to include an Internal Controls Report. This shows that a company's financial data accurate and adequate controls are in place to safeguard financial data. Year-end financial disclosure reports are also a requirement. A SOX auditor is required to review controls, policies, and procedures during a Section 404 audit.

SOX auditing requires that internal controls and procedures can be audited using a control framework like COBIT. Log collection and monitoring systems must provide an audit trail of all access and activity to sensitive business information.

Sarbanes-Oxley also encourages the disclosure of corporate fraud by protecting whistleblower employees of publicly traded companies or their subsidiaries who report illegal activities. Section 806 of Sarbanes Oxley the Act authorizes the U.S. Department of Labor to protect whistleblower complaints against employers who retaliate and further authorizes the Department of Justice to criminally charge those responsible for the retaliation.

Conduro Ventures has on staff individuals that have been doing these sorts of audits for more than 10 years.

Here’s How Conduro Helps

  • Ensure compliance to laws and regulations
  • Ensure reliability of financial reporting and readiness for audits
  • Ensure all controls are clear and visible to all business partners
  • Ensure that all governance as it relates to policies and procedures are being adhered to


Contact us today for more information on SOX Compliance.