gbrain: sync converted org-mode brain files

2026-05-23 06:35:21 +00:00
parent 3f38e87f4f
commit 44299599f9
38 changed files with 1248 additions and 856 deletions
--- a/ideas/compliance/sox.org
+++ b/ideas/compliance/sox.org
@@ -0,0 +1,27 @@
+:PROPERTIES:
+:ID:       auto-sox
+:CREATED:  [2026-05-23 Sat]
+:END:
+#+title: 
+#+filetags: :passepartout:compliance:framework:sox:
+
+
+US federal law (2002). Mandates internal controls over financial reporting
+(ICFR) for publicly traded companies. Section 404 requires management to assess
+and auditors to attest to the effectiveness of internal controls.
+
+Who must comply: All US public companies; foreign issuers trading on US exchanges.
+~6,000 public companies + foreign filers.
+
+Penalties: Up to $5M fines and 20 years imprisonment for certifying false
+financial statements. CEO and CFO personally liable.
+
+Why it matters: Every financial control is a gate rule — who can approve a
+journal entry, who can release a payment, who can modify a vendor record. The
+gate stack encodes these as ACL2-verified rules and produces the audit trail
+that the external auditor needs for Section 404 attestation. First-mover
+advantage: SOX is mature (24 years old) but the audit market is $4B+ and
+entirely manual — no competitor has automated the evidence pipeline.
+
+** GLBA (Gramm-Leach-Bliley Act)
+