account for how information is being managed with their organizations. SarbanesOxley
requires that (1) public companies evaluate and disclose the effectiveness of
their internal financial controls and (2) independent auditors for these companies
agree to this disclosure. The law also holds CEOs and CFOs personally responsible
for such disclosure. if their companies lack satisfactory data management policies
and fraud or a security breach occurs, they could be held personally responsible and
face prosecution.