A Detailed Overview of Optimal SOX Compliance for Your Organization
Ethics in Business Sometimes Requires Outside Oversight and Enforcement
The Sarbanes-Oxley Act (SOX) of 2002 was passed by the United States Congress in the wake of, and in response to, a series of corporate accounting scandals.
In the late 1990s and early 2000s, massive organizations like Enron, WorldCom and Tyco International became the focal points of monumental scandals due to their respective unethical financial accounting practices. The organizations themselves were not the only bad actors, as the auditors were often just as culpable. Enron’s accounting firm was Arthur Andersen, which was one of the five largest accounting firms in the world at the time, and the fraudulent practices associated with Enron led to its ultimate demise.
Since everyone involved suffered in the end (the organizations’ clients, employees, investors, accounting firms and the companies themselves), it is clear why this crucial act was necessary: to ensure that companies do not stray so far from the mark, whether intentionally or inadvertently.
Do You Need SOX Compliance for Your Business?
SOX was enacted to create a consistent standard of care for an array of public businesses, as well as private companies in some cases, in the interest of customers, employees, vendors and any relevant third parties.
Companies that need to achieve and maintain SOX compliance include the following:
- Publicly traded companies in the U.S., including all wholly-owned subsidiaries.
- All publicly traded non-U.S. companies doing business in the U.S.
- Private companies in the process of preparing for their initial public offering (IPO).
- Accounting firms or third-party businesses that provide services to any of the above-mentioned types of companies.
Why Is SOX Compliance So Important to Your Company?
While achieving and maintaining SOX compliance is crucial to your business on a practical level, many companies have experienced additional benefits from performing a regular SOX audit, including:
- Strengthening the control environment
- Improving documentation
- Increasing the audit committee’s level of engagement
- Minimizing and streamlining complex tasks
- Managing security risks more proactively and effectively
- Streamlining auditing and reporting processes, increasing productivity and reducing costs
- Tightening up weak links
- Making privately held companies more attractive as acquisition candidates for publicly held companies
Most importantly, SOX compliance provides transparency to your investors, customers, the regulatory body and the public. Complete and consistent SOX compliance reveals your commitment to ethical accounting practices and instills confidence in everyone who counts on your organization.
How Can You Achieve Optimal SOX Compliance for Your Organization?
More than 15 years after the SOX enactment, many companies still struggle to achieve and maintain compliance.
Even if you aren’t necessarily struggling to get up to speed on SOX compliance, it never hurts to review the process to fill in any possible gaps and feel more confident than ever about your organization’s SOX compliance status.
Explore the following considerations for a smooth auditing process and a report that reflects your organization’s strong ethical standing and solid controls.
Strategically Schedule the Timing of Your Annual SOX Audit
Your independent auditor must perform one SOX audit each year. Make sure that you keep your SOX audit separate from other internal audits to avoid any potential conflicts of interest.
Your best bet is to schedule your audit so that the results are ready to include in the annual report you share with your stockholders.
Learn the Most Crucial Sections of Your SOX Audit
The SOX audit is broken down into 11 sections, but six of those sections take precedence over the others. The critical six sections are 302, 401, 404, 409 and 802.
Section 302. Disclosure Controls
The report from this section must verify:
- The signing officers have reviewed the report.
- The report does not contain any material untrue statements or omissions.
- The financial statements accurately portray the company’s financial condition.
- The signing officers are responsible for internal controls, have assessed those controls within the past 90 days and have provided a report of their findings.
- There is a list of any and all deficiencies in the internal controls, as well as information regarding any fraud that concerns employees involved with internal activities.
- Any significant changes related to internal controls that could have a negative impact are reported.
Section 401. Disclosures in Periodic Reports
This section requires that financial statements be accurate and presented in a way that does not contain any incorrect statements. The financial statements in the periodic reports must also include all material off-balance sheet transactions, obligations and liabilities that may serve to make the company’s financial position appear more favorable to investors than is true.
Section 404. Management Assessment of Internal Controls
Here, issuers must publish information in their annual reports regarding the scope and adequacy of the internal control structure and procedures for financial reporting. This statement must also contain an assessment of the effectiveness of internal controls and procedures.
In the SOX report, the engaged and registered accounting firm shall attest to and report on the assessments about the effectiveness of the internal control structure and approach to financial reporting.
Section 409. Real Time Issuer Disclosures
Issuers must disclose any information or material changes in their financial condition or operations to the public, on an urgent basis.
Section 802. Criminal Penalties for Altering Documents
The fines and penalties are laid out in Section 802. Non-compliance, or inadequate compliance, can result in fines and/or up to 20 years in prison for activities that include altering, destroying, mutilating, concealing or falsifying documents, records or objects with the intent to impede, obstruct or influence a legal investigation.
Section 802 also states that penalties can include fines and 10 years of imprisonment for any accountant who knowingly and willfully violates the requirements of audit and review papers over the course of their five years as lead auditor or reviewing auditor for a client.
Focus on Your Internal Controls
While it is important to learn as much as possible about each section of the SOX Act, you can also look at your audit as an opportunity to review and improve your internal controls.
These internal controls include any computers, electronic infrastructure, network hardware and any other technology-based components through which financial data passes.
For IT leaders, your part of the audit may focus on the following:
- Chain Management
- Backup Procedures
Are You Ready for Your Upcoming SOX Audit?
Do you have additional questions not covered in this post? Maybe you simply need an auditing firm that can perform your upcoming SOX audit?
At I.S. Partners, LLC., we specialize in performing internal audit preparedness engagements for businesses throughout the United States. Our staff diligently follows updates to the Sarbanes-Oxley Act and can help clients obtain and maintain optimal SOX compliance.