It sounds like you think SOX auditing means “super secure and careful accounting”.
SOX is a specific law with the motivation of giving markets more confidence in public stocks (for example, must hire external auditors, certain board member rules, how certain assets must be valued, etc.).
The SOX audit is to make sure that law is followed.
One criticism of SOX is that it encouraged many startups and other businesses to remain private.
So long story short, no. Our government does not resemble a public stock corporation and these things don’t have an analog.
I specifically meant the parts of SOX related to access controls, infrastructure, and codebase management to ensure a baseline level of security for processing payments and PII to ensure this does not represent a risk to the valuation of the enterprise.
These measures are universal to running any payment platform, not a public/private issue.
*No, I'm not thinking of PCI, but that is also a valid measure here. There are recent updates to SOX in the past few years covering these aspects of payment operations. Some old-school SOX experts may not be familiar and the strictness on these aspects of the audit varies by auditor in my experience. I recently helped a client navigate these developing and responding to a very strict audit process covering their entire IT landscape including process flows, deployment planning and user/role management.
Yes, rules and roles for reporting, i.e., accounting.
I don't know what you think you are implying with the "super secure and careful" comment, we are looking for the roles that ensure the accountability of SOX.
Your complaint is that SOX "nationalizes" companies because apparently it becomes so transparent, or something? If that's what you mean by "nationalize", shouldn't that be used for our nation's accounting?
To be fair, no 19-year-old in the world concerns himself with audits or proper regulatory procedure, including law students. There is a reason proper structure exists.