Sarbanes-Oxley Act (sections 302 and 404) and Business Continuity implications are often misrepresented or misunderstood.  Sometimes companies are aware of SOX requirements, but are not as familiar with the Business Continuity and Disaster Recovery implications buried within the act.

As a reaction to corporate scandals like Enron and WorldCom, congress passed some tough new laws to make it more difficult for corporations to cheat their investors.  Sections of the Sarbanes-Oxley Act (302 and 404) look at a company's internal controls and risk exposures.

There are MANY classes, books, auditors, and lawyers willing to take large fees to teach you about SOX requirements.  However, the SEC itself has some excellent papers on the subject.

One document I find useful for explaining what SOX requires is:

"Sarbanes-Oxley Sections 302 & 404, A White Paper Proposing Practical, Cost Effective Compliance Strategies" 

This PDF file can be downloaded at:

http://www.sec.gov/rules/proposed/s74002/card941503.pdf

This gives a good overview of what the requirements are as well as valuable insights into how the requirements may evolve over time.

Another interesting paper discusses problems with the current interpretations of the existing regulations.

This PDF can be downloaded at:

http://www.sec.gov/news/press/4-497/gehlinger040605.pdf

This is far from settled law, but few public corporations are willing to become test cases and risk losing in court.

Copyright © 2004-2006, Key Results Management, Inc., All Rights Reserved  www.k-r-m.com  (404) 437- 6485