Learn about AMR's inventory services for fixed asset reconciliation inventory, including Sarbanes-Oxley compliance. Contact us today.
Contact Us | White Paper | Calculator
www.AssetManagementResources.com
Easy, complete web-based solutions for financial controls management. Premier Sarbanes-Oxley Act software.
Request Info
www.paisley.com
Innovative and customized Sarbanes-Oxley Act solutions. Great people lead to great results. Contact us today.
www.advaion.com
7 Requirements for Sox database compliance. Download Guide Now.
www.AppSecInc.com
Generate Compliance Audit Reports For SARBOX, PCI, HIPAA, & GLBA.
www.EventLogAnalyzer.com
Offers accounts payable resources for finance professionals. Features online evaluations and answers to AP strategies, technologies, and processes.
www.theaccountspayablenetwork.com
Manage Employee Complaints with Web Based Software & Outsourced Hotline
www.customerexpressions.com
International & Domestic Payments; drafts/wires/ACH/forward contracts
www.Ruesch.com
Confidential, anonymous hotline and web reporting - Section 301
www.globalcompliance.com
Easy, complete web-based solutions for financial controls management. Premier Sarbanes-Oxley Act software.
Request Info
www.paisley.com (Paid)
Provides Sarbanes-Oxley (SOx) Act compliance solutions including Section 404 & 302.
www.metricstream.com(Paid)
Offers accounts payable resources for finance professionals. Features online evaluations and answers to AP strategies, technologies, and processes.
www.theaccountspayablenetwork.com (Paid)
Learn about AMR's inventory services for fixed asset reconciliation inventory, including Sarbanes-Oxley compliance. Contact us today.
Contact Us | White Paper | Calculator
www.AssetManagementResources.com (Paid)
Innovative and customized Sarbanes-Oxley Act solutions. Great people lead to great results. Contact us today.
www.advaion.com (Paid)
7 Requirements for Sox database compliance. Download Guide Now.
www.AppSecInc.com
Generate Compliance Audit Reports For SARBOX, PCI, HIPAA, & GLBA.
www.EventLogAnalyzer.com
Guide to Sarbanes-Oxley Act Compliance
Even small private corporations must comply with certain regulationsHere are some policies and procedures the act requires of every corporation:
- A whistle-blower policy that also spells out anti-retaliation rules
- An audit committee
- A charter for the audit committee that spells out committee member roles and responsibilities
- A document retention and destruction policy outlining how and how long documents are kept
Action Steps
The best contacts and resources to help you get it done
Obtain a summary of SOX requirements
If you're a corporation, you need to know the details of Sarbanes-Oxley and you must bring yourself into compliance. Several Web sites, including the federal government's Securities and Exchange Commission, list the requirements
I recommend:
Check out these sites for a summary of what you must do to comply: SWLearning, SoxLaw.com, the SEC SoxAct page
Get help from your audit firm
The company that audits your business can advise you on how to comply and how to keep proper records that comply with Sarbanes-Oxley regulations.
I recommend:
The American Institute of Certified Public Accountants lists ways your CPA firm can help you get on the right side of the regulations.
Set up a whistle-blower policy
Sarbanes-Oxley requires you to establish a whistleblower policy that protects the whistleblower from retaliation. Common policies include sections on confidentiality and handling of reported violations, usually to a member of the audit committee.
I recommend:
Find a sample whistler-blower policy that you can tailor to your company from the National Council of Nonprofit Associations.
Follow document retention requirements
One of the key components of SOX is retention of records for a certain period of time. The best way to do this is set up a record retention policy that complies with the act and generally accepted accounting principles.
I recommend:
Download a sample record retention policy from the American Bar Association, make sure you're in compliance with SOX and other state and federal regulations on record retention by checking a table from this QuickBooks site, and find a list of questions to ask when setting up a retention policy from the Web site of law firm Holme Roberts & Owen.
Use special software programs
From helping you set up internal controls to testing and managing databases, software can help you comply with the Sarbanes-Oxley Act.
I recommend:
You can get SOX software from Expensewatch.com and Quask.
Set up an audit committee
You must set up an audit committee and designate responsibilities to certain members. SOX mandates that certain committee members have specific financial certifications.
I recommend:
This CPA Journal guide tells you how to set up an audit committee that meets requirements, as does this Securities & Exchange Commission guide. The Institute of Internal Auditors provides a sample audit committee charter.
Publicly traded companies have additional SOX responsibilities
If you're a publicly traded company, senior management must certify the integrity of your financial statements. You are also subject to audits of your internal controls and limitations on personal loans to executive officers or directors.
I recommend:
For a list of the additional responsibilities of a publicly traded company, click on the University of West Georgia guide and this CPEOnline primer.
Tips & Tactics
Helpful advice for making the most of this Guide- Make sure your IT system is robust enough to produce timely, accurate and detailed financial reports to comply with Sarbanes-Oxley.
- Your compliance should include ways to make sure emails concerning financial matters are saved for a specified period of time and accessible from archives if needed.
- Consider an email policy that underscores to employees the fact that any and all emails on financial matters could be retrieved by regulators.
- Consider setting up regular internal audits to make sure you are in compliance of Sarbanes-Oxley.
- Many companies establish policies and practices and then fail on implementation. Be as rigorous in your implementation as you are in creating your policies.
