What Is The Purpose of SOX Policies and Procedures?

In Sarbanes-Oxley compliance your SOX policies and procedures have the same purpose as with ISO 9001 policies and procedures, to provide a foundation for improvement.  Sarbanes-Oxley is not a quality standard so why the need for improvement?

First, Sarbanes-Oxley (SOX Section 302 and 404) requires that your financial reports contain accurate information from controlled accounting and financial processes.  Second, signing executives have to report on the effectiveness of the company’s internal controls and disclose any significant deficiencies in the design or operation of those internal controls that could affect the company’s financial reports.

ISO 9001 uses terms like effectiveness and deficiencies too.  Only the focus is on continuously improving effectiveness and identifying non-conformances that do not conform to planned arrangements.   Sounds pretty similar to SOX compliance.

SOX Policies and Procedures Provide a Baseline for Improvement

SOX policies and procedures are used to build consistency, communicate SOX internal controls, and provide a baseline for SOX improvement.  This is done by indentifying a target performance (policy) and communicating a series of actions (procedure) to achieve the target. Risks are areas for mistakes, fraud, or abuse.  Internal controls are responses to mitigate indentified risks to the policy and procedure. 

For example, an accounts receivable policy might be timely invoice collection.  Your procedure consists of the steps to ensure a timely invoice collection.  Risks include an accounts receivable clerk taking cash, misapplying collections, or not collecting at all.  Internal controls could include: segregation of duties, cash application controls, bad debt reserves, credit policy, credit approval process, and so on.  Each control counters one or more identified risk to the accounts receivable procedure. 

But let’s say we missed a few risks, now what?  If it is determined to be a significant deficiency then you would disclose the risks that you missed and work on improving them.  With SOX policies and procedures like this, you are Sarbanes-Oxley compliant.  You have reported on the effectiveness of your controls and disclosed known deficiencies, just like with ISO 9001.  Sarbanes-Oxley compliance and ISO 9001 conformance are pretty similar in their implementation.

Bizmanualz Accounting Policies Procedures Manuals serve as a model, or framework, for your own SOX policies and procedures.  Save time with the CFO Accounting Policies and Procedures Manuals set, which contains 239 procedures you can use to address Sarbanes-Oxley compliance with the ten accounting cycles.

About Bizmanualz
Bizmanualz has been at the forefront of deploying business best practices since 1995 delivering Policies, Procedures and Forms; quality systems implementation; and strategic business process improvement to help business owners achieve the growth and expansion they envision.

Learn more about Bizmanualz solutions:

• Policies & Procedures Manuals
• Strategic Process Improvement
• Quality Training Courses

    Email     Print    Subscribe     

Posted on Monday, November 9th, 2009 under Accounting Procedures, Business Improvement Services, ISO Quality Standards

Licensed under a Creative Commons Attribution 3.0 United States License.

This article can be reproduced freely ONLY with the following attribution:

Originally published in 2009 by Bizmanualz, Inc. under the title What Is The Purpose of SOX Policies and Procedures?. All rights reserved. Reproduction permitted with attribution only. www.bizmanualz.com