In Sarbanes-Oxley compliance your SOX accounting policies and procedures have the same purpose as with ISO 9001 2015 procedures, to provide a foundation for control improvement. Sarbanes-Oxley is not a quality standard so why the need for improvement?
What are SOX Requirements?
First, Sarbanes-Oxley (SOX Section 302 and 404) requires that your financial reports contain accurate information from controlled accounting and financial processes. Second, signing executives have to report on the effectiveness of the company’s internal controls and disclose any significant deficiencies in the design or operation of those internal controls that could affect the company’s financial reports.
ISO 9001 uses terms like effectiveness and deficiencies too. The focus with ISO 9001 quality policies and procedures is to continuously improving effectiveness and identifying non-conformances that do not conform to planned arrangements. Sounds pretty similar to SOX compliance.
SOX Accounting Policies and Procedures Provide a Baseline for Improvement
SOX accounting policies and procedures are used to build consistency, communicate SOX internal controls, and provide a baseline for SOX improvement. This is done by identifying a target performance (policy) and communicating a series of actions (procedure) to achieve the target. Risks are areas for mistakes, fraud, or abuse.
What are Examples of SOX Internal Controls?
Internal controls are responses to mitigate identified financial risks to the policy and procedure.
For example, an accounts receivable policy might be timely invoice collection. Your procedure consists of the steps to ensure a timely invoice collection.
Risks include an accounts receivable clerk taking cash, misapplying collections, or not collecting at all.
Internal controls could include: segregation of duties, cash application controls, bad debt reserves, credit policy, credit approval process, and so on. Each control counters one or more identified risk to the accounts receivable procedure.
What About Missing SOX Internal Controls?
Missing internal controls are common, as long as you know that which ones you’re missing. If it is determined to be a significant deficiency, then you would disclose the risks that you missed and work on improving them. With SOX policies and procedures like this, you are Sarbanes-Oxley compliant. You have reported on the effectiveness of your controls and disclosed known deficiencies, just like with ISO 9001. Sarbanes-Oxley compliance and ISO 9001 conformance are pretty similar in their implementation.
SOX Accounting Policies Procedures Framework
Bizmanualz Accounting Policies Procedures Manuals serve as a model, or framework, for your own SOX accounting policies and procedures. Save time with the CFO Accounting Policies and Procedures Manuals set, which contains 262 procedures you can use to address Sarbanes-Oxley compliance with the ten accounting cycles.
More Articles from Bizmanualz...
- What Does It Cost to Write Policies and Procedures?
- How to Create Policies and Procedures Strategy
- Guide to Writing Policies and Procedures Templates
- How Effective are Policies and Procedures?
- What are Examples of Policies and Procedures?
- How Do You Make Policies and Procedures Work?
- What Is a Policies and Procedures Manual?
- Policies and Procedures Questions Answered
- Why Use Policies and Procedures Manuals?
- Do You Need a Policies and Procedures Style Guide?
