28 lines
1.1 KiB
Org Mode
:PROPERTIES:
:ID: auto-sox
:CREATED: [2026-05-23 Sat]
:END:
#+title:
#+filetags: :passepartout:compliance:framework:sox:

US federal law (2002). Mandates internal controls over financial reporting
(ICFR) for publicly traded companies. Section 404 requires management to assess
and auditors to attest to the effectiveness of internal controls.

Who must comply: All US public companies; foreign issuers trading on US exchanges.
~6,000 public companies + foreign filers.

Penalties: Up to $5M fines and 20 years imprisonment for certifying false
financial statements. CEO and CFO personally liable.

Why it matters: Every financial control is a gate rule — who can approve a
journal entry, who can release a payment, who can modify a vendor record. The
gate stack encodes these as ACL2-verified rules and produces the audit trail
that the external auditor needs for Section 404 attestation. First-mover
advantage: SOX is mature (24 years old) but the audit market is $4B+ and
entirely manual — no competitor has automated the evidence pipeline.

** GLBA (Gramm-Leach-Bliley Act)