In Sarbanes-Oxley compliance, your SOX policies and procedures have the same purpose as ISO 9001 policies and procedures: to provide a foundation for improvement. Sarbanes-Oxley is not a quality standard, so why the need for improvement?
First, Sarbanes-Oxley (SOX Sections 302 and 404) requires that your financial reports contain accurate information from controlled accounting and financial processes. Second, signing executives have to report on the effectiveness of the company’s internal controls and disclose any significant deficiencies in the design or operation of those internal controls that could affect the company’s financial reports.
ISO 9001 uses terms like effectiveness and deficiencies too. Only the focus with your SOX policies and procedures is on continuously improving effectiveness and identifying non-conformances with planned arrangements. That sounds pretty similar to SOX compliance.
SOX policies and procedures are used to build consistency, communicate SOX internal controls, and provide a baseline for SOX improvement. This is done by identifying a target performance (policy) and communicating a series of actions (procedure) to achieve the target. Risks are areas for mistakes, fraud, or abuse. Internal controls are responses to mitigate identified risks to the policy and procedure.
For example, an accounts receivable policy might be timely invoice collection. Your procedure consists of the steps to ensure timely invoice collection. Risks include an accounts receivable clerk taking cash, misapplying collections, or not collecting at all. Internal controls could include segregation of duties, cash application controls, bad debt reserves, credit policy, credit approval process, and so on. Each control counters one or more identified risks to the accounts receivable procedure.
But let’s say we missed a few risks. Now what? If it is determined to be a significant deficiency, then you would disclose the risks that you missed and work on improving them. With SOX policies and procedures like this, you are Sarbanes-Oxley compliant. You have reported on the effectiveness of your controls and disclosed known deficiencies, just like with ISO 9001. Sarbanes-Oxley compliance and ISO 9001 conformance are pretty similar in their implementation.
Bizmanualz Accounting Policies Procedures Manuals serve as a model, or framework, for your own SOX policies and procedures. Save time with the CFO Accounting Policies and Procedures Manuals set, which contains 262 procedures you can use to address Sarbanes-Oxley compliance with the ten accounting cycles.