Understanding SOX Requirements and The Sarbanes-Oxley Act


SOX stands for the Sarbanes-Oxley Act of 2002. The act was named after Paul Sarbanes and Michael Oxley. The regulations are meant to be imposed on publicly traded firms. The US Congress passed the SOX act in 2002 after scandals at big companies such as Tyco International PLC, Enron Corporation, and WorldCom affected the stock market.

The laws were designed to curb fears of corporate misconduct and to demand accountability by the Board of Directors and management when presenting and reporting financial information. However, the law became too complex for people to comprehend, which was not what was hoped initially.

Sarbanes-Oxley provisions

The SOX Act features five fundamental provisions. First, it created the Public Company Accounting Oversight Board, which aims to control how accounting company auditors work. Second, it created corporate governance regulations that established audit committee safeguards. Third, the law enacted disclosure requirements for press releases and financial reports. Fourth, the 2002 SOX act established criminal penalties for public firms, as well as CFOs and CEOs, in case they falsify financial reports. Lastly, SOX created penalties of between 20 and 25 years for securities fraud and obstruction of justice, so as to prevent a repeat of what happened between 2001 and 2002.

Sarbanes-Oxley Compliance

SOX compliance requirements fall into various areas, with most of them focusing on corporate governance and corporate responsibilities. Within these areas, however, there are some issues regarding data security.

For many, SOX compliance is extremely overwhelming. As with any law, what matters most is the part that applies to a given company, not the entire law.

SOX Section 302

This section focuses on Disclosure Control and Procedures. To be precise, these procedures are not audited but are still checked by an independent auditor, along with the reports that stipulate all the operations and controls for public disclosures. In addition, the section controls and monitors the accountability of signing officers.

The section contains the following:

  • The signing officer has to review the report.
  • The report contains only true statements of material fact. It may also not state material fact crucial to make the statements made.

In layman's terms, if an officer signs a document, they have promised that it is true because it displays all the crucial procedures, and that it clearly outlines any adjustments that have taken place during the reporting period.

SOX Section 401

This section features two subsections of note. The first focuses on financial disclosures, which are supposed to be prepared based on the accounting standards to make sure investors are confident. The second requires those in charge to report off-balance-sheet disclosures to make sure the transactions are done according to approved accounting rules.

The 401 regulations clearly stipulate the quarterly and annual public financial reporting that was initially misunderstood in the WorldCom and Enron scandals. Unlike the Section 302 regulations, only a public accounting firm can audit these sections.

SOX Section 404

Section 404 of the SOX act focuses on the adequacy of internal controls, the scope of internal controls, and the processes of financial reporting. This section of SOX is much broader than the others, and it is where many companies are struggling and waste their SOX.

The SEC brochure contains the necessary steps to evaluate and document internal controls. To begin with, a firm must review its reporting risks. The risks may be either internal or external factors that affect the business. They may be prompted by the recording, processing, and authorization of transactions shown in financial statements.

Before carrying out an evaluation, a company has to take the following into consideration:

  • The relationship between financial reporting elements and business-level controls, as well as the level of operation at which they act.
  • The number of processes that handle the same reporting risk, and which is the most efficient at evaluating such a risk.
  • Determining the automated controls, the stability of IT controls, the manual controls, and the amount of human error expected.
  • A company only needs to use processes that address financial reporting risks efficiently.

SOX Section 409

This section is also known as the Real Time Issuer Disclosure. SOX says that issuers need to share information with the public regarding financial operations or conditions.

The disclosures are supposed to be made in a manner that people can easily understand and to be backed by both qualitative and trend information and visual presentations, as required.

While SOX may have been the best solution for corporate culture in 2002, its pillars have helped improve financial reporting as well as information security.

Author Bio

Ken Lynch

Ken Lynch is an enterprise software startup veteran who has always been fascinated by what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT. Learn more at ReciprocityLabs.com.

This is an article provided by our partners’ network. It might not necessarily reflect the views or opinions of our editorial team and management.