- Moved everything from ideas/passepartout/ to projects/passepartout/
- Moved legal structures to projects/flags/
- Created missing _index.org files for all subdirectories
- Stripped redundant passepartout- prefix from filenames
- Rewrote root _index.org as generalized brain index (projects + concepts)
- Updated Hugo nav to Projects/Concepts
- Updated build script section descriptions
- Deleted stale ideas/passepartout-economics.md orphan
29 lines
1.2 KiB
Org Mode
:PROPERTIES:
:ID: c9830152-0160-4bdc-ab03-6f308ad43536
:ID: auto-sox
:CREATED: [2026-05-23 Sat]
:END:
#+title: SOX (Sarbanes-Oxley Act)
#+filetags: :passepartout:compliance:framework:sox:

US federal law (2002). Mandates internal controls over financial reporting
(ICFR) for publicly traded companies. Section 404 requires management to assess
and auditors to attest to the effectiveness of internal controls.

Who must comply: All US public companies; foreign issuers trading on US exchanges.
~6,000 public companies + foreign filers.

Penalties: Up to $5M fines and 20 years imprisonment for certifying false
financial statements. CEO and CFO personally liable.

Why it matters: Every financial control is a gate rule — who can approve a
journal entry, who can release a payment, who can modify a vendor record. The
gate stack encodes these as ACL2-verified rules and produces the audit trail
that the external auditor needs for Section 404 attestation. First-mover
advantage: SOX is mature (24 years old) but the audit market is $4B+ and
entirely manual — no competitor has automated the evidence pipeline.

** [[id:4a2bc62b-3f21-4212-9cd9-f9add8fc0be1][GLBA (Gramm-Leach-Bliley Act)]]