The Sarbanes-Oxley Act (SOX or Act) of 2002 has been in effect for going on two decades now, and you most likely understand and adhere to all the basic requirements for your organization. The truth is that there is more to SOX than what lies on the surface, more than even many of our smartest and most diligent clients have time to grasp.
It makes sense that busy business owners learn the most crucial aspects of the Act to ensure compliance, leaving additional facts to learn as time allows.
We thought you might feel like digging a little deeper to learn about some of the lesser known requirements as a way to add more dimension to this important Act.
5 Lesser Known Rules and Requirements for SOX You May Need to Know
While you have likely read through all the crucial sections of SOX requirements, and you painstakingly apply them to your own audits, there are some rules that not everyone knows about. Perhaps you are a private business owner wondering whether it is in your best interest to perform a SOX audit. Maybe you are wondering about any possible restrictions with which you must comply regarding your independent auditor.
Ideally, we will fully answer these musings and others, as well as provide a more in-depth view of SOX and its usefulness for you.
1. The Implications of SOX for Private Companies and Nonprofits
While SOX was created in response to corporate scandals perpetrated by public companies—in collusion with their respective accounting firms—the Act is also applicable to private companies and nonprofits in certain contexts.
Most importantly, the Act forbids all businesses—certainly including private companies and nonprofits—from any illegal handling or destruction of financial records. These companies are also prohibited from enacting any retaliation or infringement on the rights of whistleblowers.
Why Might a Private Company Perform a SOX Audit?
A private company may need to perform a SOX audit for reasons that may include:
- A Third Party’s Insistence. Important business partners may insist that private companies. Lenders may require that companies provide an independent audit when applying for a loan, for instance, or insurance companies may need financial statement certifications before approving Directors & Officers (D&O) liability insurance.
- Due Diligence for Prospective Investors and Buyers. Prospective buyers and investors may insist on seeing audited financials and assurance regarding internal controls to make informed decisions on loans, acquisitions and coverage to mitigate risk.
- State Requirements. Some state securities regulators may extend SOX requirements to private companies.
Other private companies with reason to comply with SOX standards include those preparing to go public or that may be acquired by a large public company in the future, those with large outside shareholder bases and those with registered debt securities.
Why Might a Nonprofit Organization Perform a SOX Audit?
Not all nonprofits need to conduct a SOX audit. However, it is important that nonprofit leaders ensure effective governance of their organizations. Otherwise, the government may step forward to regulate nonprofit governance.
Some state attorneys general have proposed the application of certain elements of SOX to nonprofit organizations to ensure proper governance. For instance, the California Nonprofit Integrity Act of 2004 mandates that all nonprofits with $2 million or more in annual revenues submit to an audit prepared by an independent auditing firm. States like New Hampshire, Connecticut, Kansas, and Maine have passed similar laws with varying revenue ceilings.
2. The Responsibilities and Prohibitions of Audit Committee and Auditors
Each business planning a SOX audit must work with an audit committee independent of their company since the audit committee’s job is to set up intensive and objective internal audit systems to fully review the financial controls.
Additionally, any accounting firm engaged to perform an independent audit may not perform any other accounting services for that same client. Such restrictions include investment advice, implementation services, and internal audit outsourcing.
3. The Importance of the Public Company Accounting Oversight Board and Its Exclusivity Rules
Accounting firms that act as audit committees of a board of directors must register with the Public Company Accounting Oversight Board (PCAOB) for objective oversight. Created in tandem with the Sarbanes-Oxley Act, the PCAOB was designed to assure objectivity and avoid any possible conflicts of interest. The body enforces rules involving the prohibition of auditors performing any other professional services or business activities while serving on the board. This exclusivity also bars any investments in public accounting companies.
4. Increased Protection for Whistleblowers
Under Section 806, entitled “Protection for Employees of Publicly Traded Companies Who Provide Evidence of Fraud,” SOX encourages disclosure of corporate fraud by setting up a series of protections for employees or contractors (whistleblowers) who come forward with concrete evidence. These protections extend to whistleblowers employed by private companies, via SOX, while nonprofits are encouraged to extend protections to whistleblowers.
Any employee aware of a breach of internal policies or government regulations must be allowed to alert the company without any fear of reprisal that may come in the form of termination, demotion, denial of overtime or benefits, loss of promotion opportunities, disciplinary action, intimidation, unfavorable reassignment, or reduction of pay or hours.
5. Companies Must Adopt a Code of Ethics
SOX has mandated that the U.S. Securities and Exchange Commission (SEC) issue a rule that requires public companies to disclose whether they have adopted a code of ethics that applies to their financial officers. The SEC leaves it up to each company to develop its own code of ethics.
Once a company has drawn up its own code of ethics, it is important that it make the code available to the public. Most companies now simply place their code of ethics on their company website.
Do You Have a Better Understanding of SOX and Its Lesser Known Rules and Requirements?
Do you feel like any of these rules and requirements may help you perform your financial duties better and more easily? Do you have additional questions about any other possible matters regarding SOX?
At I.S. Partners, LLC., our SOX auditing professionals understand all the complexities and nuances of the Act for our valued clients. We are here to help streamline the process. Whether you run a private company or a nonprofit and are merely wondering if you need to comply with SOX requirements, or you need to develop your code of ethics, our SOX team can help you figure it out.