JOBS Act and SOX compliance
In early April, President Barack Obama signed the Jumpstart Our Business Startups (JOBS) Act, a bipartisan bill meant to create jobs and stimulate U.S. economic activity. The main vehicle the act uses to achieve these broad objectives is easing the burden that the Sarbanes-Oxley Act (SOX) places on new public companies. The intent is for this eased regulatory burden to encourage more companies to go public, stimulating economic growth and creating jobs.
What does this act mean to IT compliance professionals? With the arrival of the JOBS Act, Sarbanes-Oxley compliance requirements are bound to change, or are they? As with many compliance questions, the answer is, “It depends.” In this tip, we’ll first take a look at the general provisions of SOX as they apply to IT controls, and then, in that context, discuss the impact of the JOBS Act.
Sarbanes-Oxley Act overview
The Sarbanes-Oxley Act passed Congress in 2002 as a response to events surrounding Enron Corp., WorldCom Inc. and other corporate accounting scandals that plagued the financial industry during the early years of this century. SOX contains many wide-ranging provisions covering 11 corporate governance principles, including:
Of these requirements, the most vexing to IT professionals, and the most expensive to implement, are those found in Section 404 regarding internal controls. There are two main provisions of Section 404 that affect public companies:
The major complaint from small businesses regarding Sarbanes-Oxley requirements is that the cost to comply with Section 404(b) is disproportionately burdensome due to the high fixed costs of internal controls audits. The SEC addressed this somewhat in 2010 by exempting some small companies from Section 404(b) requirements.
JOBS Act changes
The JOBS Act further reduces the population of companies subject to Section 404(b) requirements by creating a new category of firm: the Emerging Growth Company (EGC). EGCs are firms that meet the following requirements:
Companies meeting these three requirements are granted EGC status, offering them a reprieve from some Section 404 requirements. This reprieve lasts until one of the following conditions is met:
During the time a company has EGC status, it is not subject to the external auditing requirements of SOX Section 404(b). Under prior law, new companies were exempt from Section 404(b) for a period of two years. Provided a company remains an EGC, the JOBS Act extends this grace period to five years. The intent is to give the company time to grow before incurring the cost burden of internal controls auditing.
The bottom line is the JOBS Act probably won’t have any effect on the average enterprise’s SOX 404(b) requirements if it is already a publicly traded company. On the other hand, for those companies on track to eventually go public, JOBS may offer significant relief from reporting obligations and encourage them to go public earlier — which, after all, is the law’s intent!
About the author:
Mike Chapple, Ph.D., CISA, CISSP, is an IT security manager with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Chapple is a frequent contributor to SearchSecurity.com, and serves as its resident expert on enterprise compliance, frameworks and standards for its Ask the Experts panel. He is a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.
All Rights Reserved, Copyright 2000 – 2022, TechTarget