Challenges and Solutions, the Sarbanes-Oxley Act of 2002

With the inception of the Sarbanes-Oxley Act of 2002, many companies as well as all Registered Public Accounting Firms are now held to a set of stringent guidelines regarding the storage and management of their financial data. These rules set guidelines for how data should be stored, accessed, and retrieved. Companies using Circadian Force will find that our Remote Backup solution is fully compliant with Sarbanes-Oxley as well as intelligently reformed in order to make the necessary audits and record keeping as easy as possible.

Circadian Force has taken measures to ensure that our product has been tailored to help companies meet compliancy regulations quickly and easily.

Section 103: Auditing, Quality Control, And Independence Standards And Rules.

Section 104: Inspections of Registered Public Accounting Firms

Section 105(d): Investigations And Disciplinary Proceedings; Reporting of Sanctions.

Section 107(d): Censure Of The Board And Other Sanctions.

Section 203: Audit Partner Rotation.

Section 302: Corporate Responsibility For Financial Reports.

Section 401(a): Disclosures In Periodic Reports; Disclosures Required.

Section 404: Management Assessment Of Internal Controls.

Title VIII: Corporate and Criminal Fraud Accountability Act of 2002.

Section 802: Mandatory Document Retention

Section 1102: Tampering With a Record or Otherwise Impeding an Official Proceeding

Section 103: Auditing, Quality Control, And Independence Standards And Rules.

The Board shall:

(1) register public accounting firms;

(2) establish, or adopt, by rule, "auditing, quality control, ethics, independence, and other standards relating to the preparation of audit reports for issuers;"

DataForce moves the data to a secure off-site datacenter where it safely stored and readily available for an audit. An auditor can simply log into the software, extract the necessary files (with the decryption key, of course), and conduct the audit off-site. They can also use this process to ensure the necessary files are being produced in a timely manner. This allows for quality control and remote-auditing.

(3) conduct inspections of accounting firms;

(4) conduct investigations and disciplinary proceedings, and impose appropriate sanctions;

(5) perform such other duties or functions as necessary or appropriate;

(6) enforce compliance with the Act, the rules of the Board, professional standards, and the securities laws relating to the preparation and issuance of audit reports and the obligations and liabilities of accountants with respect thereto;

(7) set the budget and manage the operations of the Board and the staff of the Board.

The Board must require registered public accounting firms to "prepare, and maintain for a period of not less than 7 years, audit work papers, and other information related to any audit report, in sufficient detail to support the conclusions reached in such report."

DataForce automates this process to a large degree. As the accountants create their financials, they can be 'captured' on a daily basis. An audit report can be generated as to when the reports were created and then the necessary files can be pulled up for review. The "other information related to any audit report" will be the time and date that the report was created, the size of the file, the time stamp on the file, and whether or not it was updated since its creation. These reports can be sent to the Accountants and/or the Board on a daily, weekly, monthly, or quarterly basis.

The Board must adopt an audit standard to implement the internal control review required by section 404(b). This standard must require the auditor evaluate whether the internal control structure and procedures include records that accurately and fairly reflect the transactions of the issuer, provide reasonable assurance that the transactions are recorded in a manner that will permit the preparation of financial statements in accordance with GAAP, and a description of any material weaknesses in the internal controls.

DataForce captures every single record that is created requiring an audit. Furthermore, the auditor can review these records remotely, having access not only to the records themselves but also to the detailed reports that show when they were created. This allows the auditor to judge whether the records fairly and accurately reflect the transactions of the issuer and allow the auditor to determine exactly how and when the transactions were recorded for GAAP accordance. The entire process will take place in an automated fashion, allowing the auditor to easily assess weaknesses in the internal controls and the timing of any critical operations.

Section 104: Inspections of Registered Public Accounting Firms

Annual quality reviews (inspections) must be conducted for firms that audit more than 100 issues, all others must be conducted every 3 years. The SEC and/or the Board may order a special inspection of any firm at any time.

With DataForce, all the information required for an audit is readily available at any time, at the drop of a hat. This drastically reduces the amount of preparation work traditionally required for an audit. Even if a firm has 10 years worth of financial records that must pass a quality review/inspection, all those records can be accessed through DataForce within minutes, complete with an audit trail.

Section 105(d): Investigations And Disciplinary Proceedings; Reporting of Sanctions.

All documents and information prepared or received by the Board shall be "confidential and privileged as an evidentiary matter (and shall not be subject to civil discovery other legal process) in any proceeding in any Federal or State court or administrative agency, . . . unless and until presented in connection with a public proceeding or [otherwise] released" in connection with a disciplinary action. However, all such documents and information can be made available to the SEC, the U.S. Attorney General, and other federal and appropriate state agencies.

Confidentiality and security are keystone features of the DataForce software. In addition to the extremely powerful 128-bit encryption algorithm and the SSL secure connection, DataForce can restrict access to audit information and financials by allowing access only to a specific range of IP addresses. This allows a firm to hand-select the computers that are allowed to access their information.

Section 107(d): Censure Of The Board And Other Sanctions.

The SEC shall have "oversight and enforcement authority over the Board." The SEC can, by rule or order, give the Board additional responsibilities. The SEC may require the Board to keep certain records, and it has the power to inspect the Board itself, in the same manner as it can with regard to SROs such as the NASD.

If the board is required to keep current or archived records available, DataForce can do this automatically. The records can be mirrored between multiple datacenters and made completely fault-tolerant. Information can be archived for an indefinite amount of time.

Section 203: Audit Partner Rotation.

The lead audit or coordinating partner and the reviewing partner must rotate off of the audit every 5 years.

By having the DataForce product paving the way for automation and simplified reporting, this makes a transition simple and painless. i.e., there isn't the need to spend countless hours bringing a new lead audit or reviewing partner up to speed every 5 years - DataForce allows them to quickly see what has occurred in the last 5 years and easily transition into the new environment.

Section 302: Corporate Responsibility For Financial Reports.

The CEO and CFO of each issuer shall prepare a statement to accompany the audit report to certify the "appropriateness of the financial statements and disclosures contained in the periodic report, and that those financial statements and disclosures fairly present, in all material respects, the operations and financial condition of the issuer." A violation of this section must be knowing and intentional to give rise to liability.

DataForce gives the chief executives visibility as to what is being presented. They can review the audit reports in advance to become personally familiar with what information is being shared and how it has evolved from day to day, month to month. This gives them confidence because all the information is at their fingertips allowing them to approve financial statements with greater peace of mind. Having everything clearly documented in a report is much more reassuring than relying on the record-keeping abilities of others, which may or may not be 100% reliable. This mitigates the risks described in the Sarbanes-Oxley Act for the chief executives.

Section 401(a): Disclosures In Periodic Reports; Disclosures Required.

Each financial report that is required to be prepared in accordance with GAAP shall "reflect all material correcting adjustments . . . that have been identified by a registered accounting firm . . . ."

"Each annual and quarterly financial report . . . shall disclose all material off-balance sheet transactions" and "other relationships" with "unconsolidated entities" that may have a material current or future effect on the financial condition of the issuer.

The SEC shall issue rules providing that pro forma financial information must be presented so as not to "contain an untrue statement" or omit to state a material fact necessary in order to make the pro forma financial information not misleading.

DataForce captures every change that is made to financial records and stores those files as evolving 'versions' of the same document. Therefore, any adjustments that are made to financial reports are captured by the DataForce software and an audit report is generated stating that the file was changed. It therefore becomes impossible for information to be 'hidden' in this record, as the full history of that record is stored by DataForce. At any given time, an auditor can pull up a financial report and view current or historical data, even if the information was created a month ago, a year ago, or 5 years ago. The auditor has the entire history of that document available to him/her, complete with a report showing what dates that document was altered.

Section 404: Management Assessment Of Internal Controls.

Requires each annual report of an issuer to contain an "internal control report", which shall:

(1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and

The internal control structure can be handled almost entirely by DataForce, as DataForce will fully capture evolving versions of the financial records as they are created and updated. Furthermore, it will automatically create detailed reports showing when the file was updated and/or changed for someone requiring a high level overview on the history of the records. As for the internal control structure itself, Circadian Force can create supporting artifacts documenting the process used and technologies in place for this strategy.

The reports generated by DataForce can be used as an "internal control report" documenting exactly what transpired over the course of the year. This is a fully automated process and the reports can be manually generated at any time.

(2) contain an assessment, as of the end of the issuer's fiscal year, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.

DataForce provides all the background reporting information to make this assessment and determination. It automates much of the internal control report and reduces the man-hours required for the creation of an annual assessment. In the end, DataForce provides a solution for much of the effort Sarbanes-Oxley requires a company to exert, which:

a) Reduces the time it takes a firm to prepare for an audit;

b) Automates much of the reporting process;

c) Establishes an internal process for financial reporting;

d) Increases the security of financial records;

e) Increases the availability of financial records;

f) Keeps as many versions of the document available as are created, meaning the financial records will always be available - even 5 years down the road when an audit is required on outdated financials.

Title VIII: Corporate and Criminal Fraud Accountability Act of 2002.

It is a felony to "knowingly" destroy or create documents to "impede, obstruct or influence" any existing or contemplated federal investigation.

DataForce prevents any one party from destroying records vital to the company's well-being. A common user cannot destroy the records, as they are stored in an off-site datacenter cluster array. Only an Administrator that has been granted specific rights to the datacenter can permanently delete a record.

Section 802: Mandatory Document Retention

Directs accountants to maintain certain corporate audit records or to review work papers for a period of five years from the end of the fiscal period during which the audit or review was concluded. It also directs the Securities and Exchange Commission (SEC) to promulgate, within 180 days, any necessary rules and regulations relating to the retention of relevant records from an audit or review. This section makes it unlawful knowingly and willfully to violate these new provisions -- including any rules and regulations promulgated by the SEC -- and imposes fines, a maximum term of 10 years' imprisonment or both. Auditors are required to maintain "all audit or review work papers" for five years.

DataForce not only stores audit and review work papers for an indefinite amount of time, but it also stores every version of those papers.

Section 802: Document Alteration or destruction

and Section 1102: Tampering With a Record or Otherwise Impeding an Official Proceeding

Makes it a crime for any person to corruptly alter, destroy, mutilate, or conceal any document with the intent to impair the object's integrity or availability for use in an official proceeding or to otherwise obstruct, influence or impede any official proceeding is liable for up to 20 years in prison and a fine.

If any attempts are made to alter, destroy, mutilate, or conceal documents protected by DataForce, an audit report will be generated stating when such actions took place and (in some cases) the party responsible for such actions can be easily determined. Furthermore, even if the integrity of a document is impaired, DataForce has earlier versions of that same document readily available for restoration at any time.