The federal Sarbanes Oxley Act was established in 2002 in the wake of the corporate financial scandals at Enron and other large companies. The SOX act requires companies to set up standardized financial reporting protocols, checks and balances. Top management also must certify the integrity and accuracy of the financial statements.
Here are some policies and procedures the act requires of every corporation:
- A whistle-blower policy that also spells out anti-retaliation rules
- An audit committee
- A charter for the audit committee that spells out committee member roles and responsibilities
- A document retention and destruction policy outlining how and how long documents are kept
Obtain a summary of SOX requirementsIf you're a corporation, you need to know the details of Sarbanes-Oxley and you must bring yourself into compliance. Several Web sites, including the federal government's Securities and Exchange Commission, list the requirements
SEC SoxAct page
Get help from your audit firmThe company that audits your business can advise you on how to comply and how to keep proper records that comply with Sarbanes-Oxley regulations.
Set up a whistle-blower policySarbanes-Oxley requires you to establish a whistleblower policy that protects the whistleblower from retaliation. Common policies include sections on confidentiality and handling of reported violations, usually to a member of the audit committee.
Follow document retention requirementsOne of the key components of SOX is retention of records for a certain period of time. The best way to do this is set up a record retention policy that complies with the act and generally accepted accounting principles.
Use special software programsFrom helping you set up internal controls to testing and managing databases, software can help you comply with the Sarbanes-Oxley Act.
Set up an audit committeeYou must set up an audit committee and designate responsibilities to certain members. SOX mandates that certain committee members have specific financial certifications.
Securities & Exchange Commission guide. The Institute of Internal Auditors provides a sample audit committee charter.
Publicly traded companies have additional SOX responsibilitiesIf you're a publicly traded company, senior management must certify the integrity of your financial statements. You are also subject to audits of your internal controls and limitations on personal loans to executive officers or directors.
University of West Georgia guide and this CPEOnline primer.
- Make sure your IT system is robust enough to produce timely, accurate and detailed financial reports to comply with Sarbanes-Oxley.
- Your compliance should include ways to make sure emails concerning financial matters are saved for a specified period of time and accessible from archives if needed.
- Consider an email policy that underscores to employees the fact that any and all emails on financial matters could be retrieved by regulators.
- Consider setting up regular internal audits to make sure you are in compliance of Sarbanes-Oxley.
- Many companies establish policies and practices and then fail on implementation. Be as rigorous in your implementation as you are in creating your policies.