Document Management or Enterprise Information Management is perhaps
one of the most important of the enterprise solutions that will
provide a solution to the various requirements of SOX. Several sections
of SOX have a direct bearing on the manner in which the digital
documents/records of the enterprise are created, reviewed, approved,
stored, retrieved, transferred, and destroyed.
Knowledge Management: Document & Records Management
Estimates have been made calculating that a significantly large
proportion (some say, more than 70%) of the documents owned by an
enterprise are in digital format and might never be seen in hardcopy.
According to Gartner’s Editor in Chief James Lundy: Records management
will become a top 10 issue for many CIOs in the coming year.
In the following, we will discuss the various sections of SOX that
a document management solution might help in complying with.
Section 302 : According to Section 302, the CEO and CFO
have to personally certify the financial statements and disclosures
made by the company on authenticity and accuracy. This requires
a system in place that will make the CEO and the CFO confident that
all the disclosures that the company makes are accurate and authentic.
This can be done in two ways:
One is to trickle-down the responsibility of the CEO and the CFO
to the lower management levels and in response bubble-up the sign-offs
from the lower management levels on all documents that are inputs
to the company filings.
Second is to design comprehensive business processes that produce
the company filings. The business processes will be designed in
a very rigorous manner to comply with all the provisions and proper
implementation and training of all the personnel related to the
business processes will be carried out and tested on a periodic
basis. Further, the business processes themselves will be open to
stringent internal audits that will be carried out from time to
time. One, or a combination of both these practices will go a long
way towards ensuring proper compliance.