[liontwist]

It sounds like you think SOX auditing means “super secure and careful accounting”.

SOX is a specific law with the motivation of giving markets more confidence in public stocks (for example must hire external auditors, certain board member rules, how certain assets must be valued, etc).

The SOX audit is to make sure that law is followed.

One criticism of SOX is that encouraged many startups and other businesses to remain private.

So long story short, no. Our government does not resemble a public stock corporation and these things don’t have an analog.

[weard_beard]

I specifically meant the parts of SOX related to access controls, infrastructure, and codebase management to ensure a baseline level of security for processing payments and PII to ensure this does not represent a risk to the valuation of the enterprise.

These measures are universal to running any payment platform, not a public/private issue.

*No, I'm not thinking of PCI, but that is also a valid measure here. There are recent updates to SOX in the past few years covering these aspects of payment operations. Some old-school SOX experts may not be familiar and the strictness on these aspects of the audit varies by auditor in my experience. I recently helped a client navigate these developing and responding to a very strict audit process covering their entire IT landscape including process flows, deployment planning and user/role management.

[amluto]

Are you perhaps thinking of PCI or SOC2?

[liontwist]

I don’t believe all of those are from SOX.

> I specifically meant

You didn’t leave the comment. Was that your alt account?

[weard_beard]

I'm the GP.

[epistasis]

> One criticism of SOX is that it partially nationalizes control of the organization,

If that is a criticism of SOX for private companies, then it would mean that it should be a baseline for national accounting, no?

[liontwist]

> it should be a baseline for national accounting

What does this mean? Let me repeat. SOX is not a method of accounting, its rules about roles and reporting for public corporations

> It sounds like you think SOX auditing means “super secure and careful accounting”.

[epistasis]

Yes, rules and roles for reporting, ie accounting.

I don't know what you think you are implying with the "super secure and careful" comment, we are looking for the roles that ensure the accountability of SOX.

Your complaint is that SOX "nationalizes" companies because apparently it becomes so transparent, or something? If that's what you mean by "nationalize" shouldn't that be used for our nation's accounting?