Section 404 - Management Assessment of Internal Controls and (to some extent) Section 302 - Corporate Responsibility for Financial Reports of the Sarbox or SOX act, lays the foundation on how IT can aid SOX compliance.
EventLog Analyzer lets corporations collect, retain and review terabytes of audit trail log data from all sources to support Sarbanes-Oxley Act Section 404's IT process controls. These logs form the basis of the internal controls that provide corporations with the assurance that financial and business information is factual and accurate.
The types of reports that EventLog Analyzer provides for SOX Audits are as follows:
- User Logon Report:
SOX requirements (Sec 302 (a)(4)(C) and (D) - log-in/log-out monitoring) clearly state that user accesses to the system be recorded and monitored for possible abuse. Remember, this intent is not just to catch hackers but also to document the accesses to medical details by legitimate users. In most cases, the very fact that the access is recorded is deterrent enough for malicious activity, much like the presence of a surveillance camera in a parking lot.
- User Logoff Report:
SOX requirements (Sec 302 (a)(4)(C) and (D) clearly state that user accesses to the system be recorded and monitored for possible abuse. Remember, this intent is not just to catch hackers but also to document the accesses to medical details by legitimate users. In most cases, the very fact that the access is recorded is deterrent enough for malicious activity, much like the presence of a surveillance camera in a parking lot.
- Logon Failure Report:
The security logon feature includes logging all unsuccessful login attempts. The user name, date and time are included in this report.
- Audit Logs Access Report:
SOX requirements (Sec 302 (a)(4)(C) and (D) - review and audit access logs) calls for procedures to regularly review records of information system activity such as audit logs.
- Object Access Report:
Identify when a given object (File, Directory, etc.) is accessed, the type of access (e.g. read, write, delete) and whether or not access was successful/failed, and who performed the action.
- System Events Report:
Identifies local system processes such as system startup and shutdown and changes to the system time or audit log.
- Host Session Status Report:
Indicates that someone reconnected to a disconnected terminal server session. (This is only generated on a machine with terminal services running.)
- Track Account Management Changes:
Significant changes in the internal controls sec 302 (a)(6). Changes in the security configuration settings such as adding or removing a user account to a administrative group. These changes can be tracked by analyzing event logs.
- Track User Group Changes:
Tracking event logs for changes in the security configuration settings such as adding or removing a global or local group, adding or removing members from a global or local group,etc..
- Track Audit Policy Changes:
EventLog Analyzer lets corporations comply with internal controls sec 302 (a)(5) by tracking the event logs for any changes in the security audit policy.
- Successful User Account Validation Report:
Identifies successful user account logon events, which are generated when a domain user account is authenticated on a domain controller.
- UnSuccessful User Account Validation Report:
Identifies unsuccessful user account logon events, which are generated when a domain user account is authenticated on a domain controller.
- Track Individual User Actions Report:
EventLog Analyzer lets corporations comply with internal controls sec 302 (a)(5) by auditing user activity.
Case Study: How TRC Companies, Inc. addressed the SOX compliance audit requirement?
Following is an excerpt from the Sarbanes-Oxley Act of 2002.
Section 302 of the Sarbanes-Oxley Act
SEC.302. CORPORATE RESPONSIBILITY FOR FINANCIAL REPORTS.
(a) REGULATIONS REQUIRED- The Commission shall, by rule, require, for each company filing periodic reports under section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m, 78o(d)), that the principal executive officer or officers and the principal financial officer or officers, or persons performing similar functions, certify in each annual or quarterly report filed or submitted under either such section of such Act that--
(1) the signing officer has reviewed the report;
(2) based on the officer's knowledge, the report does not contain any untrue statement of a material fact or omit to state a material fact necessary in order to make the statements made, in light of the circumstances under which such statements were made, not misleading;
(3) based on such officer's knowledge, the financial statements, and other financial information included in the report, fairly present in all material respects the financial condition and results of operations of the issuer as of, and for, the periods presented in the report;
(4) the signing officers--
(A) are responsible for establishing and maintaining internal controls;
(B) have designed such internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared;
(C) have evaluated the effectiveness of the issuer's internal controls as of a date within 90 days prior to the report; and
(D) have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date;
(5) the signing officers have disclosed to the issuer's auditors and the audit committee of the board of directors (or persons fulfilling the equivalent function)--
(A) all significant deficiencies in the design or operation of internal controls which could adversely affect the issuer's ability to record, process, summarize, and report financial data and have identified for the issuer's auditors any material weaknesses in internal controls; and
(B) any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer's internal controls; and
(6) the signing officers have indicated in the report whether or not there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.
List of Log Report that required by SOX 404
Sec 302 (a)(4)(C) and (D) - log-in/log-out monitoring
- User Logon/Logoff Report
- Logon failure report
- Audit Log Access report
- Object Access report
- System Event report
Sec 302 (a)(5)
- Audit policy changes
- User/Application/Directory or file access
Sec 302 (a)(6)
- Account Mgmt report