The Sarbanes-Oxley (SOX) Act, also referred to as the Public Company Accounting Reform and Investor Protection Act, is one of the biggest financial reporting mandates to affect businesses in the last few decades. SOX is a mandate that applies to all publicly-traded companies in the U.S. (as well as wholly-owned subsidiaries and foreign companies doing business in the U.S.), mandating strict guidelines for how financial information is stored and reported.
What Is the Sarbanes-Oxley Act?
SOX is a U.S. law meant to protect investors from fraudulent financial reporting by improving and codifying finance reporting and auditing standards. Sarbanes-Oxley mandated reforms to existing U.S. securities regulations and placed stricter penalties on violators. With SOX, auditors, accountants, and financial officers must adhere to rigorous recordkeeping requirements and reporting to ensure compliance.
Although the full legislation outlined in SOX is complicated, its key provisions can be summarized as such:
- Section 302: Corporate officers must certify in writing that the company’s financial statements comply with disclosure requirements set forth by the U.S. Securities and Exchange Commission (SEC) and “fairly present in all material respects the financial condition and results of operations of the issuer” at the time of reporting.
- Section 404: Management must create internal controls and dedicated reporting to validate the adequacy of these controls.
- Section 802: Companies must adhere to specific rules surrounding destruction and falsification of records, retention periods for business records, and which records (including electronic communications) must be stored.
Why Is SOX Important?
Passed in 2002, SOX can be thought of as a response to the many high-profile financial scandals that occurred in the 90s and early 2000s.
It wasn’t that long ago that global companies like Enron and WorldCom were on top of the world with little indication of any fraudulent activity occurring behind the scenes. As we know, things changed rapidly with both companies meeting an untimely end due to fraudulent accounting activities.
Enron’s scandal reportedly cost shareholders $74 billion in the four years leading up to the company’s bankruptcy, and WorldCom’s civil fraud suit was settled for a $2.25 billion payout, with the CEO and executives facing criminal charges from regulators. Understandably, shady accounting practices and inflation of corporate profits on a billion-dollar scale put shareholders in an unfortunate position when Chapter 11 rolled around.
SOX aims to protect investors from these situations by holding companies to stricter financial reporting standards and penalizing them for failing to comply.
What Are Some SOX Compliance Best Practices?
Achieving SOX compliance isn’t a simple task for enterprises, but there are a few basic practices that any business can employ to move them in the right direction.
- Start with a plan and create a timeline for compliance milestones.
- Select a framework for SOX compliance to help direct your efforts and gauge the efficacy of governance efforts.
- Perform a risk assessment to illustrate which business areas are most in need of attention.
- Document all existing processes to bring visibility to workflows and ensure lines of responsibility are laid out for staff.
- Evaluate IT infrastructure with the knowledge that critical IT systems will be a top area of focus for SOX compliance.
- Assess third-party providers working with your company and ensure that all vendors have compliant controls in place.
- Note deficiencies across testing and planning processes to determine whether they are material or significant.
- Communicate results to senior management and stakeholder to ensure everyone is in the loop on Sarbanes-Oxley compliance.
How Can You Find the Right SOX Compliance Service?
The above steps are a great starting point, but as many businesses have discovered, SOX compliance isn’t tackled overnight. It’s a long, time-consuming process that may take a company years to achieve. Most businesses don’t handle the process alone and opt to work with one or several SOX compliance partners that can ensure every part of the business infrastructure is up to code.
These partners typically specialize in compliance readiness services that may include document preparation, risk assessments, process documentation, internal control assessments, and ongoing reporting of results. These partners help companies bring visibility to financial reporting and understand how to establish critical financial controls that align with SOX mandates.
Companies that leverage secure platforms for communications and record-keeping will have a head start here, as the right communication platform provider will store all messaging in a secure platform that can easily meet SOX standards. However, each company will need to work with its chosen partner to develop a unique roadmap that ensures every aspect of the business stays compliant.
The Bottom Line
The Sarbanes-Oxley Act represents a new era of corporate and financial responsibility. While many companies were quick to take advantage of the rapid tech acceleration that occurred in the dot com boom to obfuscate their bottom lines, others have worked to maintain clear, accurate finances since their inception. SOX protects these businesses, as well as their investors, by ensuring that companies maintain adequate financial controls.
Interested in learning how our secure Communications Platform can help you achieve and maintain regulatory compliance? Book a demo to find out.