The Sarbanes-Oxley Act (SOX) is designed to protect investors from the effects of fraudulent accounting activities. Even though the Act is now more than 15 years old, some company CEOs and CFOs are still confused about how to comply with SOX. The following information can help you understand what SOX is, why it exists, and how to ensure your company is compliant.
Why Was SOX Established?
Passed by Congress in 2002, SOX was a response to accounting scandals that took place in the early 2000s. For example, the energy-trading company Enron used accounting fraud to falsely inflate the company’s revenue, making Enron appear to be one of the largest corporations in the United States. When the fraud was discovered, Enron share values plummeted, causing investors to lose money.
Several other accounting scandals occurred soon after Enron. Two of the largest affected the companies Tyco International plc and WorldCom. Congress knew that new regulatory standards were necessary to prevent investors from losing out again.
Who Has to Comply With SOX?
SOX applies to all publicly held US companies. In addition, privately held companies must comply with some SOX provisions.
SOX provisions that apply to both public and private companies include the following:
- Companies cannot discharge liabilities for violations of state and federal securities laws through bankruptcy.
- Companies must not destroy, alter, or falsify records with the intention of impeding a federal bankruptcy proceeding or an investigation by a federal agency.
- Companies must not retaliate against anyone who provides law enforcement with true information.
What Are the Penalties for Not Complying With SOX?
Anyone who does not comply with SOX can face not only fines, but also a prison sentence. According to Section 906 of the Sarbanes-Oxley Act, the penalty for willfully failing to comply with SOX can be a fine of up to $5 million in addition to a prison sentence of up to 20 years.
How to Comply With SOX
To comply with SOX, all publicly traded companies must establish an independent audit committee. This committee should oversee company audits to ensure that no fraudulent activity takes place. At least one member of the committee should have experience of accounting procedures and financial reporting. None of the members should have any other relationship with the company. You should review and change your audit partners every five years to reduce the risk of inappropriate relationships developing that could compromise the integrity of audits.
Another requirement for SOX compliance is that both the CEO and CFO of a company must sign the company’s quarterly and annual financial statements. These signatures certify that the CEO and CFO have reviewed the reports and ensured that the information they contain is accurate.
All companies should have internal procedures and controls to ensure SOX compliance. One of these controls should be a blackout period for stock trading. Employees must not sell stock they have purchased through their company 401(k)s during this period. This control prevents employees from taking advantage of inside information to trade. The blackout period should last for a few business days and come into force during any major administrative changes in your company.
Another important control under SOX is to treat financial records with care. All companies should ensure that no financial records are destroyed, altered, omitted, or falsified. Keep all audit information for at least five years. Penalties for altering or deleting this information can be very severe, including prison sentences, so it is extremely important to keep it safe.
It is very important to stay up to date with any changes to SOX regulations. Some companies appoint an internal employee to stay up to date with SOX-related standards and rules, but many organizations find it easier to work with a consultant who is an expert in SOX compliance.
How an IT Company Can Help You Meet SOX Compliance Requirements
Working with an IT company is an excellent way to ensure SOX compliance in your organization. An IT support company that has experience of SOX compliance can ensure that your IT systems can reliably and securely store the financial information that your organization is legally required to keep. A good IT company can also ensure that only certain employees have access to this information, which helps to reduce the risk of unscrupulous workers editing, deleting, or stealing important information.
Outsourcing some aspects of SOX compliance to an IT support company is a good way to allow your employees and directors to focus on their main roles within your business. For many organizations, SOX compliance requirements can be a major hassle and distraction. Working with a third party makes it possible to have peace of mind that SOX compliance is taken care of, without having to spend large amounts of time getting to grips with the details of the Act.
To find out how an IT company can help you meet SOX compliance requirements, get in touch with a well-established IT services provider today. A good consultant should be happy to speak to you to find out what your company’s needs are with regard to SOX compliance. They will then explain how an IT services provider can help you to comply both now and in the future.