
Chapter 5 - 01 - Discuss Various Regulatory Frameworks, Laws, and Acts - 04_ocred.pdf

Full Transcript

Certified Cybersecurity Technician
Network Security Controls — Administrative Controls
Exam 212-82

Sarbanes Oxley Act (SOX)

Enacted in 2002, the Sarbanes-Oxley Act is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures.

The key requirements and provisions of SOX are organized into 11 titles:

Title I: Public Company Accounting Oversight Board (PCAOB) provides independent oversight of public accounting firms providing audit services (“auditors”)

Title II: Auditor Independence establishes the standards for external auditor independence, intended to limit conflicts of interest and address new auditor approval requirements, audit partner rotation, and auditor reporting requirements

Title III: Corporate Responsibility mandates that senior executives take individual responsibility for the accuracy and completeness of corporate financial reports

Title IV: Enhanced Financial Disclosures describe enhanced reporting requirements for financial transactions, including off-balance-sheet transactions, pro-forma figures, and the stock transactions of corporate officers

Title V: Analyst Conflicts of Interest consist of measures designed to help restore investor confidence in the reporting of securities analysts

Title VI: Commission Resources and Authority defines practices to restore investor confidence in securities analysts

Title VII: Studies and Reports includes the effects of the consolidation of public accounting firms, the role of credit rating agencies in the operation of securities markets, securities violations and enforcement actions, and whether investment banks assisted Enron, Global Crossing, or others to manipulate earnings and obfuscate true financial conditions

https://www.sec.gov

Module 05 Page 516 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Sarbanes Oxley Act (SOX) (Cont’d)

Title VIII: Corporate and Criminal Fraud Accountability describes specific criminal penalties for fraud by the manipulation, destruction, or alteration of financial records, or other interference with investigations while providing certain protections for whistle-blowers

Title IX: White Collar Crime Penalty Enhancement increases the criminal penalties associated with white-collar crimes and conspiracies. It recommends stronger sentencing guidelines and specifically adds the failure to certify corporate financial reports as a criminal offense

Title X: Corporate Tax Returns states that the Chief Executive Officer should sign the company tax return

Title XI: Corporate Fraud Accountability identifies corporate fraud and record tampering as criminal offenses and assigns them specific penalties. It also revises sentencing guidelines and strengthens their penalties. This enables the SEC to temporarily freeze large or unusual payments

Sarbanes Oxley Act (SOX)

Source: https://www.sec.gov

Enacted in 2002, the Sarbanes-Oxley Act aims to protect the public and investors by increasing the accuracy and reliability of corporate disclosures. This act does not explain how an organization must store records but describes the records that organizations must store and the duration of their storage. The Act mandated several reforms to enhance corporate responsibility, enhance financial disclosures, and combat corporate and accounting fraud.

The key requirements and provisions of SOX are organized into 11 titles:

Title I: Public Company Accounting Oversight Board (PCAOB)
Title I consists of nine sections and establishes the Public Company Accounting Oversight Board to provide independent oversight of public accounting firms that provide audit services ("auditors").
It also creates a central oversight board tasked with registering audit services, defining the specific processes and procedures for compliance audits, inspecting and policing conduct and quality control, and enforcing compliance with the specific mandates of SOX.

Title II: Auditor Independence
Title II consists of nine sections and establishes standards for external auditor independence to limit conflicts of interest. It also addresses new auditor approval requirements, audit partner rotation, and auditor reporting requirements. It restricts auditing companies from providing non-audit services (such as consulting) for the same clients.

Title III: Corporate Responsibility
Title III consists of eight sections and mandates that senior executives take individual responsibility for the accuracy and completeness of corporate financial reports. It defines the interaction between external auditors and corporate audit committees and specifies the corporate officers’ responsibility for the accuracy and validity of corporate financial reports. It enumerates specific limits on the behaviors of corporate officers and describes specific forfeitures of benefits and civil penalties for non-compliance.

Title IV: Enhanced Financial Disclosures
Title IV consists of nine sections. It describes enhanced reporting requirements for financial transactions, including off-balance-sheet transactions, pro-forma figures, and the stock transactions of corporate officers. It requires internal controls to ensure the accuracy of financial reports and disclosures and mandates both audits and reports on those controls.
It also requires timely reporting of material changes in financial conditions and specific enhanced reviews of corporate reports by the SEC or its agents.

Title V: Analyst Conflicts of Interest
Title V consists of only one section that discusses the measures designed to help restore investor confidence in the reporting of securities analysts. It defines the code of conduct for securities analysts and requires that they disclose any knowable conflicts of interest.

Title VI: Commission Resources and Authority
Title VI consists of four sections and defines practices to restore investor confidence in securities analysts. It also defines the SEC’s authority to censure or bar securities professionals from practice and defines the conditions to bar a person from practicing as a broker, advisor, or dealer.

Title VII: Studies and Reports
Title VII consists of five sections and requires the Comptroller General and the Securities and Exchange Commission (SEC) to perform various studies and to report their findings. The required studies and reports include the effects of the consolidation of public accounting firms, the role of credit rating agencies in the operation of securities markets, securities violations, enforcement actions, and whether investment banks assisted Enron, Global Crossing, and others to manipulate earnings and obfuscate true financial conditions.

Title VIII: Corporate and Criminal Fraud Accountability
Title VIII, also known as the “Corporate and Criminal Fraud Accountability Act of 2002,” consists of seven sections. It describes specific criminal penalties for the manipulation, destruction, or alteration of financial records or interference with investigations, while also providing certain protections for whistle-blowers.

Title IX: White-Collar-Crime Penalty Enhancement
Title IX, also known as the “White Collar Crime Penalty Enhancement Act of 2002,” consists of six sections. This title increases the criminal penalties associated with white-collar crimes and conspiracies. It recommends stronger sentencing guidelines and specifically adds failure to certify corporate financial reports as a criminal offense.

Title X: Corporate Tax Returns
Title X consists of one section that states that the Chief Executive Officer should sign the company tax return.

Title XI: Corporate Fraud Accountability
Title XI consists of seven sections. Section 1101 recommends the following name for the title: “Corporate Fraud Accountability Act of 2002.” It identifies corporate fraud and records tampering as criminal offenses and joins those offenses to specific penalties. It also revises sentencing guidelines and strengthens penalties. Doing so enables the SEC to temporarily freeze “large” or “unusual” transactions or payments.
