SOX compliance – an introduction

The SOX act was introduced at the beginning of the 2000s, when, in the wake of several major corporate fraud scandals, a need arose to protect shareholders. The act includes eleven sections that all publicly held companies in the US must comply with. However, SOX compliance can be costly in terms of audit fees, as the act has introduced higher demands for disclosing crucial information to stakeholders. Furthermore, the act emphasizes the need for internal controls to ensure that transactions are performed as they are supposed to be and to catch any abnormalities.

What is SOX
The Sarbanes-Oxley Act (SOX) was signed into law on July 30, 2002, and it is also known as the ‘Public Company Accounting Reform and Investor Protection Act’. The act came into force after high-profile corporate fraud scandals at corporations like Enron and WorldCom. The SOX act requires that all publicly held companies establish internal controls and procedures for their financial reporting to reduce the possibility of corporate fraud. This includes the entire IT infrastructure, which must be reinforced and configured to maintain and demonstrate compliance for an audit. This means that management must be aware of the need for continuous and proactive operational risk management to recognize the links between technology infrastructure, business process compliance and internal controls.

What does the act include?
The SOX act contains eleven sections that include requirements for corporate management to document, monitor and certify the accuracy of financial statements and to disclose any relevant off-balance obligations. Furthermore, management should indicate whether internal controls within the company are sufficient and effective, and managers should immediately inform the public about any significant financial matters.

Penalties for non-compliance are serious and can include fines and removal from listings on US stock exchanges. Furthermore, CEOs and CFOs who have knowingly submitted incorrect information to a SOX compliance audit can face high fines and even jail time.

SOX compliance
Companies must identify, track and validate business processes to ensure that their operations are SOX compliant. The SOX legislation also reflects a greater need for transparency and accountability, which relates especially to the Enron and WorldCom scandals. Besides transparency and accountability, SOX compliance also brings financial benefits like accurate financial reporting and stability in share prices due to the increased transparency. Increased efficiency is often also a side effect of SOX compliance, due to the internal controls and procedures that must be established for financial reporting.

Companies based outside the US are also affected by the SOX act, as they too must comply with the act in order to make an IPO. An example of this is the shipping company Hafnia Tankers, which has used Impero to aid in achieving SOX compliance. Impero is a cloud-based GRC solution that helps companies stay in control in various areas including risk and control, control self-assessment and tax control framework software.