SUMMARY C841- Task-1 Running head: TECHFITE CASE STUDY LEGAL ANALYSIS C841: Legal Issues in Information Security

A4 – The Sarbanes-Oxley Act (SOX) The Sarbanes-Oxley Act (SOX) was enacted in 2002 as a result of a series of fraudulent financial scandals involving publicly traded companies. SOX was created to help protect shareholders, employees, and the public from accounting errors and fraudulent financial practices. The act is comprised of eleven key sections that define rules for corporate financial reporting, corporate governance as it pertains to financial information handling, financial records keeping, financial reporting, and more “What is Sarbanes-Oxley Act (SOX) There are key provisions from SOX that relate to the findings of the TechFite investigation and potential criminal liability. The first is Title IV, section 302 which documents disclosure controls a company must adhere to. These controls require that CEOs and CFOs certify a company’s reports to the Securities and Exchange Commission (SEC). in the investigation, there is strong evidence that TechFite made use of three shell companies that submit payments to TechFite from the same outof-state bank that TechFite does not have a relationship with. It is believed that those companies and the bank provide a vehicle for TechFite to funnel imaginary funds into its sales figures for the Applications Division. Whether the CEO and CFO are aware of this activity or not, under SOX Title VIII, section 906 they are liable for the accuracy and authenticity of those SEC filings. The next applicable provision is still in Title IV but is section 404 which outlines the internal auditing controls a company must maintain. Under section 404, SOX requires a company's executive management to report on the effectiveness of the company's internal controls over financial reporting (ICFR). In this provision, management must create, document, and test ICFR. Under SEC rules, companies must use a specific framework of evaluation criteria constructed by the Committee of Sponsoring Organizations (COSO). Given the overall lack of oversight by TechFite’s executives and board, there is no evidence that such a framework has been implemented leaving financial and IT systems vulnerable to abuse.