Revisiting Sarbanes-Oxley Compliance
Guest post by: Arthur Rothberg
Article Overview: This article provides an updated view of the Sarbanes-Oxley Act (SOX), with a look at its key sections and at its effect on financial management and controls and on information technology. Included are three recommended strategies that characterize an effective SOX compliance methodology. The article also identifies online SOX resources including agencies, associations, media and financial peer communities.
The Sarbanes-Oxley Act (SOX) has brought major changes to the regulation of financial reporting and corporate governance practices. SOX was enacted in the wake of the Enron and WorldCom financial scandals to protect shareholders and other company stakeholders from corporate accounting errors and fraudulent financial practices. The Act covers a range of areas from corporate board and CEO responsibilities to independent auditing requirements, to enhanced financial transparency, and internal control assessment.
Enacted in July of 2002, SOX is administered by the Securities and Exchange Commission, which sets strict deadlines for compliance. Penalties for non-compliance can include hefty fines, lengthy prison terms, or even both. The Dodd-Frank Act, which was signed into law in July, 2010, modified certain provisions of the Act to allow smaller public companies (i.e., companies with a market cap of less than $75 million) to opt out of full compliance with SOX.
While SOX requirements may seem burdensome, time-consuming and costly - especially when organizations are first developing systems and processes for assessment and compliance - the intent and basic tenets of the Act are sound. In fact, all companies - from small public companies granted relief under Dodd-Frank to private firms of any size and even non-profits - can benefit from compliance. SOX provides the framework needed to review operational and managerial processes, strengthen internal controls, improve record-keeping and financial reporting, and upgrade data management systems and security. Companies adhering to SOX requirements will achieve best-in-class governance structures and improve their operational effectiveness and efficiency in the long term.
The Sarbanes-Oxley Act is arranged into eleven titles. With regard to compliance, the key sections are 302, 401, 404, 409, 802, and 906.
Section 302 requires a company's officers to certify that statutory financial reports fairly present the firm's financial condition and results in all material respects with no material false or misleading statements or material omissions. The signing officers bear responsibility for internal controls, and organizations may not attempt to avoid the requirements by reincorporating or relocating.
Section 401 requires that published financial statements (including off-balance sheet liabilities or transactions) must be accurate and not omit any material information.
Section 404 requires issuers to disclose the scope, adequacy, and effectiveness of the firm's internal control structure and financial reporting procedures in their annual reports.
Section 409 states that issuers must publicly and immediately disclose any material changes in their financial condition or operations.
Section 802 imposes penalties for actions such as altering, destroying, hiding or falsifying records, documents, or tangible objects with the intent of obstructing, impeding, or influencing a legal investigation.
Section 906 requires firms' CEOs and CFOs to submit written certification statements along with the periodic financial reports.
The Sarbanes-Oxley Act impacts virtually all financial management and IT functions within public companies.
Financial Management and Control
Within the organization, the roles and responsibilities for SOX compliance should be clearly defined and delineated, including the roles of the CEO, CFO, CIO, and Corporate Secretary, as well as those of the internal audit, IT, treasury, and accounting teams.
Ongoing SOX compliance entails a regular dialogue among the company's executives and these groups. It is important to institute the concept of continuous auditing and ensure that accurate, reliable, up-to-date financial information is always accessible. The financial processes should be automated and linked, and the linked processes should be reviewed in the light of specified control parameters. Regular compliance meetings should be conducted where any issues related to SOX compliance can be addressed.
Other organizational stakeholders, including suppliers, contractors, partners, and employees should be aware of compliance and control objectives and encouraged to participate in the process as appropriate.
Information Technology
SOX compliance calls for regular review and updating of all IT systems where data administration issues such as capacity management, storage, security, and accessibility can be vetted. Policies for email retention and e-security should be spelled out. User access and intrusion detection infrastructure should be updated regularly. Any new IT systems or modifications to existing systems should be analyzed for possible impacts to SOX compliance. IT systems and processes relating to compliance assessment and implementation should be tested and updated periodically.
Required companies must - and all other companies should - be fully aware of SOX compliance requirements, and fully document appropriate implementation systems in their processes. Documentary evidence needs to be maintained to prove that SOX compliance meetings are being held, that compliance progress is being tracked, and that any non-compliant areas are being addressed with plans for corrective action. There should be ongoing documented training for the administration of the compliance audit program and financial reporting and controls. In addition, there should be full documentation of all governance policies, including any and all changes to these policies.
By requiring written statements corroborating the financial reporting, the Sarbanes-Oxley Act places accountability for SOX compliance squarely on the shoulders of each organization's executive managers. It is up to the management team to create a culture of transparency and quality governance as well as ensure strict adherence to all requirements of the Act. Policies should ensure that corporate behavior is consistent, controlled, and provable, and should follow the letter of the law as exhibited by disclosure controls and financial reporting.
An effective SOX compliance methodology begins with a thorough and thoroughly documented analysis of all existing operational and managerial processes, including financial reporting and disclosure processes, auditing constructs, as well as information technology (IT) systems. This phase of documenting and analyzing the existing systems is often the most arduous. Here are strategies to ensure SOX compliance best practices:
1. SOX Task Force
Create an internal task force composed of key SOX stakeholders like the CEO, CFO, CIO, COO, and the Corporate Secretary. To the extent that they are not represented by the previously mentioned executives, ensure there is also representation from groups like internal audit, treasury, and accounting. The group should hold regular monthly meetings to address all aspects of SOX compliance including recent developments, updates, new regulations, new reporting requirements, and identified problem areas.
2. Assessment, Gap Analysis and Corrective Action
Charge this task force with conducting a comprehensive assessment of operational and managerial processes, internal controls, record-keeping, reporting, information technology systems, and security. Identify gaps that exist and steps that need to be taken in order to achieve full compliance. Adopt a proactive stance moving forward to ensure that nothing is overlooked or left to chance.
3. Monitor Developments
Stay apprised of recent developments and ongoing SOX discussions. Online resources include the following:
Securities and Exchange Commission
http://www.sec.gov
The Institute of Internal Auditors
http://www.theiia.org
Bloomberg Businessweek: Sarbanes-Oxley Compliance News
http://bx.businessweek.com/sarbanes-oxley-compliance/news/;jsessionid=302BB4BA1FD277AC20BE93AF0FAD625C.nj03bx
LinkedIn Group: SOX Professionals Group
5,000+ members
LinkedIn Group: Sarbanes Oxley Compliance Professionals Association (SOXCPA)
3,300+ members
LinkedIn Group: SOX International Group
3,400+ members
LinkedIn Group: Sarbanes Oxley (SOX)
2,300+ members
Organizations that do not possess the internal capacity, expertise, or range of skills needed to assess their structures and remediate their processes often find SOX compliance outsourcing to be a cost-effective solution. With commercial SOX compliance software to automate the system review process and experienced financial professionals who have special training and expertise in SOX constructs, an outsource provider can often pinpoint where current processes are non-compliant and advise management on what changes are needed to meet control objectives.
Once these processes are in place, SOX compliance essentially becomes an ongoing review and updating process, as well as a continuing set of regular internal process improvement activities.
Article Tags: act, corporate governance, doddfrank, financial reporting, information technology, internal control, requirements, sarbanes oxley, sections, sox, strategies, task force, titles
About the Author: Arthur F. Rothberg is Managing Director of CFO Edge, LLC, a provider of outsourced CFO services. Based in Los Angeles, CFO Edge engages with CEOs and CFOs on demand to address strategic planning, business management, and day-to-day financial operations challenges. Art is a CPA, an attorney, and a formerly-seated chief financial officer with over 35 years of diversified financial and executive leadership experience. Prior to founding CFO Edge, Art was a CFO Partner at Tatum, LLC, where he provided chief financial officer services to companies in transition. He also served as a Partner in Audit Services at McGladrey & Pullen, LLP. At Fusura, LLC, an AIG subsidiary, as Vice President and CFO, Art was responsible for accounting, treasury and finance functions, and he was Senior Vice President, CFO and General Counsel at Answer Financial, Inc. Art is a CPA licensed in California and New York, and he is admitted to practice law in New York. He is a member of the American Institute of Certified Public Accountants and the California Society of Certified Public Accountants. He earned his Juris Doctor from Pace University and his Bachelor of Science in Accounting from NYU.



