SOX Act Explained: Compliance, Requirements, Benefits and FAQs
In the intricate world of corporate governance, the Sarbanes-Oxley Act (SOX) stands tall as a landmark piece of legislation, ushering in a new era of transparency, accountability, and ethical financial practices.
Businesses must comply with this Act, whose primary goal is to restore confidence in the financial sector by curbing fraudulent activity and fostering an ethical corporate culture.
In this blog post, we explain what the Act is about, its compliance requirements, its benefits, and the consequences of noncompliance.
Overview of the Sarbanes-Oxley Act
The Sarbanes-Oxley Act of 2002 (SOX) is a United States federal law that mandates certain practices in financial record keeping and reporting for corporations.
The Sarbanes-Oxley Act was enacted in response to several major corporate and accounting scandals, including Enron and WorldCom. The Act ensures that publicly traded companies are transparent and accountable to their shareholders.
What are the requirements for SOX Compliance?
The Sarbanes-Oxley Act has eleven sections that cover the responsibilities of a public corporation’s board of directors, add criminal penalties for specific misconduct, and require the Securities and Exchange Commission to create regulations to define how public corporations are to comply with the law.
To comply with this Act, companies must conduct a yearly audit of their financial statements that documents how financial data is handled and demonstrates the reliability of those statements.
While the Act has eleven sections, the major SOX compliance requirements are Sections 302, 404, 409, 802, and 906, because complying with these sections is what ensures the protection of the organization's financial data.
SOX Section 302: Corporate Responsibility for Financial Reports
SOX Section 302 requires the CEO and CFO of a company to certify that their company’s financial statements are accurate and complete.
They must also certify that they have established and maintained an adequate internal control structure and procedures for financial reporting.
SOX Section 404: Management Assessment of Internal Controls
As the name implies, this section requires companies to assess the effectiveness of their internal control over financial reporting and to include an auditor’s report on the assessment in their annual report.
SOX Section 409: Real-Time Issuer Disclosures
This section requires companies to disclose material changes in their financial condition or operations in real time.
SOX Section 802: Criminal Penalties for Altering Documents
This section makes it a crime to alter, destroy, or conceal any record, document, or tangible object intending to impede, obstruct, or influence a legal investigation.
Noncompliance with SOX Section 802 can result in up to 20 years of imprisonment. Accountants, auditors, and other related professionals who intentionally violate the requirement to retain all audit or review working papers for five years can be sentenced to up to 10 years of imprisonment.
SOX Section 806: Sarbanes Oxley Whistleblower
This section protects whistleblowers who provide evidence of fraud from retaliation by their employers.
SOX Section 906: Corporate Responsibility for Financial Reports
This section requires the CEO and CFO of a company to certify that their company’s financial statements comply with the requirements of the Securities and Exchange Commission (SEC).
Violations can attract a fine of up to $5 million and up to 20 years of imprisonment.
Who Must Comply With SOX?
SOX compliance applies to all publicly traded companies: if your company is listed on a U.S. stock market, or you are a foreign entity listed in the U.S., you must be SOX compliant. This also extends to accounting firms that audit public companies.
SOX introduces ground rules separating auditing functions from other accounting services to ensure transparency in financial records. For instance, an accounting firm may not provide bookkeeping or business-valuation services to a company it audits.
Private companies, charities, and non-profits are not mandated to comply with SOX. However, they still face penalties if they knowingly falsify or destroy financial records.
Private companies must also comply with SOX if they plan an IPO on the public market. Additionally, the human resources department must comply with SOX by establishing controls over payroll systems, which handle workforce, salary, and benefits data.
What are the benefits of SOX Compliance?
The Sarbanes-Oxley Act has several benefits, including:
- Strengthening the control environment
- Improving documentation
- Increasing audit committee involvement
- Standardizing processes
- Reducing complexity
- Strengthening weak links
- Minimizing human error
What are the consequences of SOX Noncompliance?
Businesses that fail to comply with the SOX Act face penalties including:
- Fines
- Potential removal from public stock exchanges, and
- Invalidation of Director and Officer (D&O) insurance policies.
Additionally, CEOs and CFOs who knowingly submit incorrect certifications during a SOX compliance audit face fines of up to $5 million and up to 20 years in prison.
Conclusion
The Sarbanes-Oxley Act is a federal law that mandates certain practices in financial record keeping and reporting for corporations, backed by personal certification by executives, independent audit of internal controls, and criminal penalties for falsifying or destroying records.