The Sarbanes-Oxley Act is the law as of 2002. You may remember the infamous corporations that were the driving force behind the Act, such as WorldCom and Enron. SOX accordingly expanded and defined new requirements for all public companies as well as management accounting firms. In addition, boards of public organizations in the United States hold significantly more responsibility.
The act is designed to the safeguard the interests of investors by various means. Such as increasing the reliability and truthfulness of corporate disclosures in relation to securities laws. The legislation stipulates that the Securities and Exchange Commission must develop regulations defining how publicly traded corporations comply with the law. The Act also makes an effort to prevent companies from withholding information from their investors.
What does it require of public companies?
The Sox Act requires all publicly traded companies to establish procedures, processes, and internal controls for all forms of financial disclosure. Showcasing absolute compliance in the event of an audit. Sox also seeks to formalize and mandate an internal system of checks and balances.
Furthermore, it requires top management figures to individually certify the accuracy of financial data, serving to increase liability in the event of fraud. Senior executives therefore hold the most liability & responsibility. Accordingly, penalties under Sarbanes Oxley for fraudulent activities have drastically increased. On the other hand, outside, independent auditors are provided with much greater protection when reviewing financial statements.
The Public Company Oversight Accounting Board
The act contains eleven titles and mandates the creation of the Public Company Oversight Accounting Board (PCOAB). The PCOAB provides constitutional authority to oversee, inspect, discipline, and regulate accounting firms. in relation to their roles as auditors of publicly traded corporations. Additionally, the PCOAB is in charge of registering auditors, defining processes for compliance audits, and enforcing strict compliance with respect to the mandate of Sox.
How can an organization be Sox compliant?
Much of the of the act relates to information security, data transmission, data storage, financial governance and accountability. Consequently, IT infrastructure is the backbone of communication, compliance with Sox requires a slew of information accountability measures. The IT department is often involved in the audit process. IT managers need to develop high-level data security systems. Apart from merely passing the federal audit, Sox compliance can have real, tangible benefits to the operations of a business.
Sox compliance audits take place on an annual basis. Before the audit, company executives meet with the accounting firm and discuss all the specifics. Audits cover specifics such as who has access to what kind of data, what kind of security protocols exist for every tier of data, how change management is implemented, the nature and strength of backup procedures, the safeguards that exist to curb data tampering, the requisite protocols to respond to security breaches, and other relevant information.
All in all, Sox compliance can be a complex task and it will require considerable investment of a firm’s time and resources. Overall, a Sox audit is just a measure of how well a company manages its internal controls.
Failure to comply with the provisions of Sox can lead to significant civil penalties for non-compliance. CEOs and CFOs face fines up to $5 million and 20 years incarceration if they fudge details on Sox audits.