
SOX Compliance Auditing & Reporting

Segment: Publicly Traded Companies


The Sarbanes-Oxley Act of 2002 is a law that was passed in response to financial scandals such as Enron and WorldCom. The law establishes new, stricter standards for all US publicly traded companies. It does not apply to private companies. The Act is administered by the Securities and Exchange Commission (SEC), which deals with compliance, rules and requirements. The Act also created a new agency, the Public Company Accounting Oversight Board, or PCAOB, which is in charge of overseeing, regulating, inspecting, and disciplining accounting firms in their roles as auditors of public companies.

The IT-SOX Connect

Satisfying compliance requirements need not be a terrifying task. Like every other regulatory prerequisite, it should be addressed methodically, with proper analysis and study. Every organization governed by the Sarbanes-Oxley Act now has to rely on automated information monitoring systems like ADAudit Plus to process, store and report financial reports with the utmost confidentiality, integrity and accuracy. ADAudit Plus provides an automated SOX 302 / 404 compliance system for corporate network security: continuous network monitoring, with alerts and reports on authorized and unauthorized system and data accesses, for data integrity.

Sarbanes-Oxley Section 302: Disclosure Controls

Section 302 of the Act mandates a set of internal procedures designed to ensure accurate financial disclosure.

Note: Click on the below Section Number to view the various ADAudit Plus audit reports that will help satisfy the particular clause.

| Section Number | Description | Reports |
| --- | --- | --- |
| 302 (a) (6) | The signing officers have indicated in the report whether or not there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses. | All AD Objects: 1. User; 2. Group; 3. Computer; 4. OU; 5. GPO |
| 302 (a) (5) (b) | Any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer's internal controls. | 1. User & Computer Creation; 2. User Logon Reports; 3. User & Group Changes; 4. All Action made in AD by any User |
| 302 (a) (5) (a) | All significant deficiencies in the design or operation of internal controls which could adversely affect the issuer's ability to record, process, summarize, and report financial data and have identified for the issuer's auditors any material weaknesses in internal controls. | 1. File Creation; 2. File Modification; 3. File Deletion |
| 302 (a) (4) (b) | Have designed such internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared. | All AD Policy Changes: 1. GPO Changes; 2. Advanced GPO Changes; 3. Local Policy Changes |
| 302 (a) (4) (c) / 302 (a) (4) (d) | Have evaluated the effectiveness of the issuer's internal controls as of a date within 90 days prior to the report. Have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date. | Local Logon Reports based on Time only: 1. Successful Logon / Logoff; 2. Unsuccessful Logon; 3. Terminal Server Logon Activities; 4. Summary Reports |
| 302 (a) (4) (a) | Responsible for establishing and maintaining internal controls. | 1. Audit Log Cleared; 2. Process Tracking; 3. File deletion / permission changes |

Sarbanes–Oxley Section 404: Management Assessment of Internal Controls

Section 404 of the Act requires management and external auditors to report on internal controls. Access controls should be maintained, reviewed and reported periodically.

Note: Click on the below Section Number to view the various ADAudit Plus audit reports that will help satisfy the particular clause.

| Section Number | Description | Reports |
| --- | --- | --- |
| 404 (a) (1) | State the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting. | 150+ ADAudit Plus Continuous Security Audit Reports for third party auditing |
| 404 (a) (2) | Contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting. | 150+ ADAudit Plus Continuous Security Audit Reports for third party auditing |
| 404 (b) | INTERNAL CONTROL EVALUATION AND REPORTING - With respect to the internal control assessment required by subsection (a), each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement. | 150+ ADAudit Plus Continuous Security Audit Reports for third party auditing |

Audit Reports from ADAudit Plus

A broader look at the various audit reports in ADAudit Plus, which more than satisfy the needs of a particular category. The many reports in every category ensure thorough monitoring, reporting and alerting from every angle. Added to this are custom reporting and profile-based reporting for easy access.

Sarbanes-Oxley Section 302 / 404: Audit Reports

302 (a) (6):

All AD Objects:

1. User Management Reports

Recently Created Users | Recently Deleted Users | Recently Enabled Users | Recently Disabled Users | Recently Locked Out Users | Recently Unlocked Users | Frequently Lockedout Users | Recently Password Changed Users | Frequently Unlocked Users | Recently Password Set Users | User Based Password Changes | User Based Password Reset | Recently Modified Users | Password Never Expires Set Users | Extended Attribute Changes | User Attribute New and Old Value | Last Modification on Users | Account Lockout Analyzer | User Object History

2. Group Management Reports

Recently Created Security Groups | Recently Created Distribution Groups | Recently Deleted Security Groups | Recently Deleted Distribution Groups | Recently Modified Groups | Recently Added Members to Security Groups | Recently Added Members to Distribution Groups | Recently Removed Members from Security Groups | Recently Removed Members from Distribution Groups | Extended Attribute Changes | Group Attribute New and Old Value | Group Object History

3. Computer Management Reports

Recently Created Computers | Recently Deleted Computers | Recently Modified Computers | Recently Enabled Computers | Recently Disabled Computers | Extended Attribute Changes | Computer Attribute New and Old Value | Computer Object History

4. OU Management Reports

Recently Created OUs | Recently Deleted OUs | Recently Modified OUs | Extended Attribute Changes | OU History

5. GPO Management Reports

Recently Created GPOs | Recently Deleted GPOs | Recently Modified GPOs | GPO Link changes | GPO History | Advanced GPO Reports: Group Policy Settings Changes | Computer Configuration Changes | User Configuration Changes | Password Policy Changes | Account Lockout Policy Changes | Security Settings Changes | Administrative Template Changes | User Rights Assignment Changes | Windows Settings Changes | Group Policy Permission Changes | Group Policy Preferences Changes | Group Policy Settings History | Extended Attribute Changes

302 (a) (5) (b):

1. User & Computer Creation

Recently Created Users Report & Recently Created Computers Report

2. User & Group Changes:

User Management Reports

Recently Created Users | Recently Deleted Users | Recently Enabled Users | Recently Disabled Users | Recently Locked Out Users | Recently Unlocked Users | Frequently Lockedout Users | Recently Password Changed Users | Frequently Unlocked Users | Recently Password Set Users | User Based Password Changes | User Based Password Reset | Recently Modified Users | Password Never Expires Set Users | Extended Attribute Changes | User Attribute New and Old Value | Last Modification on Users | Account Lockout Analyzer | User Object History

Group Management Reports

Recently Created Security Groups | Recently Created Distribution Groups | Recently Deleted Security Groups | Recently Deleted Distribution Groups | Recently Modified Groups | Recently Added Members to Security Groups | Recently Added Members to Distribution Groups | Recently Removed Members from Security Groups | Recently Removed Members from Distribution Groups | Extended Attribute Changes | Group Attribute New and Old Value | Group Object History

All Action made in AD by any User

All AD Changes By User Report

302 (a) (5) (a):

File Audit Reports

All File or Folder Changes | Files Created | Files Modified | Files Deleted | Successful File Read Access | Failed attempt to Read File | Failed attempt to Write File | Failed attempt to Delete File | Folder Permission Changes | Folder Audit Setting Changes (SACL) | Files Moved (or) Renamed | Changes based on Users | Changes based on Servers | Files Copy-N-Pasted

302 (a) (4) (b):

All AD Policy Changes:

1. GPO Change Reports

Recently Created GPOs | Recently Deleted GPOs | Recently Modified GPOs | GPO Link changes | GPO History | Advanced GPO Reports: Group Policy Settings Changes | Computer Configuration Changes | User Configuration Changes | Password Policy Changes | Account Lockout Policy Changes | Security Settings Changes | Administrative Template Changes | User Rights Assignment Changes | Windows Settings Changes | Group Policy Permission Changes | Group Policy Preferences Changes | Group Policy Settings History | Extended Attribute Changes

Local Policy Changes (Server Audit Reports)

Summary Report | Process Tracking | Policy Changes | System Events | Object Management | Scheduled Task

302 (a) (4) (c):

Local Logon Reports based on Time only

Currently Logged On Users | Logon Duration | Local Logon Failures | Logon History | Terminal Services Activity | Users Logon Duration on Computers | Interactive Logon Failure | Terminated Users Session | RADIUS Logon Failures (NPS) | RADIUS Logon History (NPS)

302 (a) (4) (a):

Audit Log Cleared | Process Tracking (Server Audit Reports)

Summary Report | Process Tracking | Policy Changes | System Events | Object Management | Scheduled Task

302 (a) (4) (d):

Successful / Unsuccessful Authentication on DC

Logon Activity based on DC (Every user Authentication) | Domain Controller Logon Activity (Direct login by users into DC).

404 (a) (1):

150+ Pre-Configured / Custom / Profile based ADAudit Plus security audit reports for third party auditing.

404 (b):

Technician Settings with 'Operator Role' privilege will be able to view reports / alerts from ADAudit Plus console.

A Few of the Other Pre-Configured Compliance Reports

HIPAA Compliance Reports

All File or Folder Changes | OU Management | Computer Management | Group Management | User Management | Logon Duration | Terminal Services Activity | Logon Failures | Recent User Logon Activity

PCI-DSS Compliance Reports

Recent User Logon Activity | Logon Failures | Terminal Services Activity | Logon History | Administrative User Actions | All File or Folder Changes | RADIUS Logon History (NPS) | Successful File Read Access | Folder Permission Changes | Folder Audit Setting Changes

GLBA Compliance Reports

Folder Audit Setting Changes | Folder Permission Changes | Successful File Read Access | All File or Folder Changes | GPO Management | User Management | Group Management | Domain Policy Changes | Logon Duration | Local Logon Failures | Terminal Services Activity

FISMA Compliance Reports

Terminal Services Activity | Local Logon Failures | Logon History | Group Management | User Management | Administrative User Actions | Computer Management | OU Management | All File or Folder Changes | Failed attempt to Write File | Failed attempt to Delete File

  • ADAudit Plus has helped us meet certain SOX and PCI compliance requirements. Liking the automated monthly reports for SOX, ease of use, implementation and very cost effective solution.
    Jeffrey O'Donnell
    Director of IT,
    Uncle Bob’s Self Storage
  • We finalized on ManageEngine ADAudit Plus, primarily for our SOX Audit reports and I think the tool, with its easy to comprehend output is very cool and the highly competitive pricing helped grab our attention.
    Andreas Ederer
    Cosma International
  • We are an emergency healthcare provider. We see the software as good risk avoidance with some good risk management practices and help us meet HIPAA compliance. We chose ADAudit Plus, which works 24/7/365 like us.
    JT Mason
    Director of IT
    California Transplant Donor Network (CTDN)
  • We evaluated different software; ADAudit Plus is extremely easy to deploy and a cost-effective solution that helped us pass several industry related security audits, in-depth PEN audit test and meet HIPAA security guidelines.
    Renee Davis
    CIO
    Life Management Center
  • We are a not for profit organization and had to satisfy HIPAA requirements, we chose ADAudit Plus which helped us to see what changes were made and who made them in our AD.
    CMenendez
    Manager of Network Operations
    Kendal
  • ADAudit Plus was the simplest and most relevant from the several products we trialed to monitor user logon failures, account cleaning, to keep a check on malicious activities and meet PCI-DSS compliance.
    Bernie Camus
    IT Manager
    Iglu.com
