Sarbanes-Oxley Act (SOX) Compliance

What is SOX?

The Sarbanes-Oxley Act (SOX) was passed in 2002 by the U.S. Congress in order to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, as well as to improve the accuracy of corporate disclosures. It established strict financial reporting and security protocols within publicly traded companies.

Challenge of addressing SOX Compliance

All public companies are required to comply with the Sarbanes-Oxley Act (SOX), a U.S. regulation designed to protect the general public and shareholders from fraudulent accounting practices, prompted by a series of high-profile corporate financial scandals in 2002. SOX compliance is mandatory and is intended to enforce corporate governance and accountability through comprehensive internal checks and balances. The act demands extensive and expensive record-keeping standards and enforces steep fines for non-compliance.

Sarbanes-Oxley requires all publicly traded companies to report their internal accounting controls to the Securities and Exchange Commission (SEC), calling on the CEO and CFO to personally attest to the completeness and accuracy of their records. Failure to comply with SOX can lead to significant personal fines for senior executives and even jail time. To ensure transparency, Sarbanes-Oxley enhances whistleblower protections to encourage the reporting of illegal activities that may not be readily exposed, or exposed at all, through a SOX audit. The act gives the U.S. Department of Justice authority to criminally charge employers who retaliate against whistleblowers.

What You Need

Compliance Policies

Policies and procedures need to clearly detail internal controls, auditing practices and documentation standards to ensure a SOX audit-ready trail of evidence proving compliance.

Whistleblower Hotline

Publicly traded companies are required to have a whistleblower hotline for employees to report suspected or actual misconduct or violations of policies without fear of retaliation.

Effective Training on SOX Compliance

Periodic training is necessary for all directors, officers, relevant employees, and agents/business partners to ensure the business is doing all it can to eliminate or identify potential fraud.

Code of Conduct

Corporate commitment to zero tolerance for retaliation needs to be declared in the organization’s code of conduct and in its policies and procedures.

Integrated, Agile Risk & Compliance Processes

Companies must centralize and integrate control information, risks and audit activities to obtain an accurate view of SOX compliance status and to quickly meet SOX requirements.

Ability to Scale

A successful SOX program should have the ability to adapt to change quickly and scale to meet more complex risks as the company grows.

Steps You Can Take to Meet SOX Compliance

Step 1

Conduct risk assessments and audit control sets to determine how effective controls are, understand control weaknesses, and identify gaps.

Step 2

Make sure your policies and procedures support controls, guide employee behavior, and create sufficient documentation of the company’s corporate governance and sustainability practices.

Step 3

Offer multiple whistleblower reporting methods, including a compliance hotline, to encourage employees to identify and report potential SOX violations. Resolving violations internally can protect companies and executives from significant financial and reputational damage.

Step 4

Train the right people on internal accounting controls and documentation best practices to mitigate risks of a failed SOX audit.