How Demanding Is Sarbanes-Oxley (SOX) Compliance?

It has been more than five years since most provisions of the Sarbanes-Oxley Act of 2002 took effect (in mid- 2003). Many publicly traded companies, however, still seem to struggle with developing a confident understanding of compliance.

To a degree, the confusion over SOX seems inordinate in relation to the complexity of the regulation. Actually, compared to the intricacy of other regulations enforced by the Securities and Exchange Commission (SEC), Sarbanes-Oxley compliance is relatively straightforward. It is somewhat hard to understand why there is so much misunderstanding about Sarbanes-Oxley, so let’s review the basics.

SOX Compliance Basics

As noted, for the most part the efforts required to comply with SOX should not be difficult. In fact, the most arcane sections of the law require no effort by publicly traded companies whatsoever. These Sarbanes-Oxley sections deal with topics such as:

• Authorization and establishment of the Public Company Accounting Oversight Board (PCAOB)
• Funding and reviewing studies on corporate accountability and fraud
• Increasing punishment for white collar crime

As a brief overview shows, most sections of the SOX regulation that do require action by publicly traded companies are not that demanding:

• Creating an Audit Committee from the Board of Directors to oversee independent financial auditing activities, directly receive audit reports, and develop a process for receiving and investigating anonymous complaints about unethical accounting practices. The committee must be chaired by someone with accounting or finance experience.

• Using auditors that are independent from other company relationships, are registered with the PCAOB and comply with its requirements, and lead auditors that are rotated at least every five years.

• Avoiding improper relationships and creating transparency through implementing policies such as restricting employee movement between auditors and the organization; disclosing financial transactions (i.e. loans) with executives and officers; disclosing major stockholders; restricting officer and executive trading of company stocks when other employees are restricted from doing so; and prohibiting retaliation on whistleblowers.

• Management establishing an internal control system that ensures proper accounting practices and safeguards, produces accurate financial statements, as well as annually verifying the control system’s effectiveness.

Sarbanes-Oxley Section 404 Internal Control Compliance

It is that last item listed, management establishing and verifying an effective internal control system listed in SOX Section 404, that causes the most problems for publicly traded companies. Between Sarbanes-Oxley passage and its implementation, the SEC was inundated with questions and inquiries about how to comply with this internal control requirement.

In response to these concerns the SEC pointed to a 1992 report from The Committee of Sponsoring Organizations of the Treadway Commission (known as COSO) called “Internal Control – Integrated Framework.” The SEC cited this COSO report as one example of internal control, but also indicated that this was by no means the only method of effective internal controls.

The Role of Procedures in SOX Section 404 Compliance

It is somewhat unclear how well the SEC’s reference to the COSO report helped in clearing up confusion over internal controls. In response to the requirement, some companies began to “procedure-ize” all of their activities in finance and accounting, mistaking mounds and mounds of procedures for an internal control system.

While procedures are an important component of internal control, creating stacks of paper really only exacerbates the problem. By writing everything down in great detail and putting it in procedures you are setting your internal control system up for failure. Now anytime you do something somewhat differently than what is minutely documented in your procedures - you are not in compliance because you are not following your control system procedures.

In the next article in this series we will further consider the more (or only?) complicated aspect of Sarbanes-Oxley compliance: creating an internal control system and the role of accounting procedures, and the important role of using internal controls to address risk. In the meantime, feel free to browse sample procedures from our CFO-Controller Series and review the selection of accounting procedures for an accounting or finance control system. Our pre-written, editable accounting procedures in MS Word format are based on established best practices, and can provide an important head-start for developing key procedures as part of internal control.

To learn more about Bizmanualz Accounting Procedures go to http://www.bizmanualz.com/accounting/ and check out the Accounting Policies and Procedures Manual or sign up for the Bizmanualz Newsletter and download a free sample accounting procedure right now.

Related Articles:

1. How to Reduce Sarbanes-Oxley Compliance Costs
2. Is Sarbanes-Oxley Improving Corporate Governance?
3. Financial Policies and Procedures Manual Simplifies Financial Compliance
4. New Bizmanualz® Finance Policies and Procedures Manual Simplifies Sarbanes Oxley Compliance
5. How Nov. 15, 2004 Deadline for Sarbanes Oxley 404 Compliance Affects You

View free sample procedures from any (or all) of our policies & procedures manuals

    Email     Print    RSS

Posted on Monday, November 3rd, 2008 under Accounting Procedures Manuals, Internal Control, Sarbanes Oxley - SOX, Sarbanes Oxley Compliance