All public companies are required to comply with Sarbanes-Oxley (SOX). Still, there are also several key provisions of Sarbanes-Oxley that apply to small and medium-sized businesses as well as to accountants, auditors, and executives. Sage Intacct was built to assist companies in complying with SOX by helping companies of all sizes meet both deceptive and preventive internal control requirements.
Whether or not your company is required to comply with SOX, many of the requirements of the law are considered to be best practices and highly beneficial to all businesses. At its core, SOX compliance helps to ensure the accuracy of a company’s financial statements and protects the business from fraud, cyber-attacks, lawsuits, and more.
When a company produces financial statements, it must contain an internal controls report that details the control system’s structure and a manager’s evaluation of the control’s effectiveness.
Sage And Cybersecurity
In 2018 the security Exchange Commission released updated guidance requiring companies to “establish and maintain appropriate and effective disclosure controls and procedures that enable them to make accurate and timely disclosures of material events, including those related to cybersecurity.”
Sage Intacct has your internal cybersecurity controls covered with a secure login process that features:
- Periodic password expiration
- Minimum password length
- Session timeouts
- IP address restrictions by user or entity
- Two-factor authentication
In addition to login security, Sage also provides access security that sets boundaries within the system by employees based on their role and department. User permission functionality reduces the chances of internally breaching the system because employees can only access the resources they need to perform their roles. User access helps companies meet the SOX requirement for segregation of duties because administrators can assign user permissions within each Sage Intacct module and function that prevents employees from performing multiple steps in the workflow. For example, an administrator can
separate the duties of importing bank transactions from bank reconciliations or establish smart rules to reject input from users who don’t have permission to perform specific tasks.
Sage Intacct also has your business covered when it comes to setting up controls to prevent unauthorized access to applications that integrate with the financial management system and to document who accessed the application and the date and time it was accessed. Sage Intacct uses tokens to allow audit tracking for all transactional activity of each marketplace partner and employs IP filtering for all application partners that prevent unauthorized access to an application by filtering out traffic based on IP addresses.
Finally, Sage Intacct protects your data stored in the cloud with both physical and digital security. Cloud hosting facilities are protected 24 hours a day, 7 days a week, by armed security guards and monitored security cameras. Sage Intacct servers are also isolated within the larger data center to add another level of physical security. Sage also has data centers around the world to protect you in the event of a disaster that affects data center services. Your data can be restored down to a specific minute using one of Sage’s backup data centers. Sage also does periodic third-party penetration testing in which paid hackers try to infiltrate the system to assess the effectiveness of the digital safeguards in place to protect their cloud hosting facilities. Sage Intacct also holds major security certifications, including SOC 2, PCI, and HIPAA.
Sage And Approvals
An internal controls system requires an approvals process for all transactions. A solid approvals process acts as a defense against normal, routine errors and fraud by having an experienced manager review transactions that meet certain thresholds administrators establish based on factors like amount, frequency, type, and overrides by the department. The finance team has complete visibility into what step each transaction is in throughout the approvals process. The approvals process also promotes segregation of duties since only users with manager-level permission can approve a transaction. This means no single user can initiate and approve a transaction.
If compliance is a concern for your company and you are looking to streamline your processes and procedures, and you need real-time data and insights from your reporting Sage Intacct is the perfect Solution. It fully integrates with 3rd party software and delivers on every level.