Definition

• Under SOX, a record is defined as any material containing information about the company, including any plans, results, policies or performance. A business record can be anything that is represented by words or numbers. Not only does this include documents, but it also includes electronic files such as emails and instant messaging. SOX requires companies to retain and manage these records.
  
  

Responsibility

• SOX requires the CFO and CEO of any company to personally ensure the accuracy of the company’s quarterly and annual financial statements. This requires the CFO and CEO to sign-off of on all financial statements.
  
  

Internal Controls

• Under SOX, the annual report of a company must include a review of the effectiveness of internal controls of the document management system, as well as the policies and processes of the company as a whole. The records must also be searchable and quickly made available upon request.
  
  

Audit

• All of the records may be subject to an audit. The auditors look for several red-flags, including the lack of a good records management and retention system, and a review of the documents that helped create the quarterly and annual reports. Companies that perform audits must also maintain records of all audit work papers that form the basis of the review and conclusions for at least 7 years.
  
  

Record Destruction

• SOX establishes criminal penalties for anyone who intentionally destroys, alters, mutilates, conceals or falsifies any record documents that are involved or could be involved in government investigation or bankruptcy filing. The punishment if convicted of violating this provision is a fine and imprisonment for up to 20 years.