Updated: Apr 25
The Sarbanes-Oxley Act (also known as “SOX”) was enacted in 2002 to prevent corporate fraud and to provide a method for overseeing accounting practices. SOX prohibits company loans to executives and provides job protection to corporate informers. SOX has reinforced the financial literacy and independence of corporate boards while holding CEOs personally accountable for errors and omissions in accounting audits.
All public companies must comply with SOX in both their financial and IT operations. To be compliant, corporations must save all business records (including electronic records and electronic messages) for at least five years. Penalties for non-compliance can include fines, imprisonment, or both.
Which Organizations Must Comply with SOX?
All publicly traded companies in the United States are subject to SOX compliance. It also applies to wholly owned subsidiaries and foreign companies that are publicly traded and do business in the United States. In addition, SOX regulates any accounting firm that performs audits of companies that must comply with SOX.
Generally speaking, private companies, non-profits, and charitable organizations are not obliged to comply with all of SOX. However, private organizations should not knowingly falsify or destroy financial data, and SOX does have the ability to penalize companies that do. A private company that is preparing for an Initial Public Offering (IPO) should take steps to comply with SOX before going public.
What are the Requirements for SOX Compliance?
SOX is divided into eleven titles. For compliance considerations, the most important sections are considered to be 302, 404, 409, 802 and 906.
Section 302 – Corporate Responsibility for Financial Reports
All public companies must file periodic financial reports with the Securities and Exchange Commission (SEC). The principal executive and financial officers must each sign the report to confirm that they have reviewed it. This action is meant to certify that the report does not contain any false statements and does not exclude any pertinent information. Additionally, the signers of the report are responsible for establishing and maintaining internal controls and are required to validate these controls within 90 days prior to the issuance of the report.
Section 404 – Management Assessment of Internal Controls
Yearly financial reports must provide an Internal Control Report indicating that management is responsible for an “adequate” internal control structure, and an effectiveness analysis by management of the control structure. Any deficiencies in these controls must also be stated. Additionally, registered external auditors must verify the accuracy of management’s claim that internal accounting controls have been implemented and are effective.
Section 409 – Real Time Issuer Disclosures
In the interest of protecting investors, organizations must, in a timely manner, notify the public of any significant changes in the financial condition or operations of the company.
Section 802 – Criminal Penalties for Altering Documents
Any person who knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or includes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of matters before the SEC can be fined, and/or imprisoned for up to twenty years.
Section 906 – Corporate Responsibility for Financial Reports
The criminal penalty for certifying a misleading or fraudulent financial report can include fines of up to $5 million and twenty years in prison.
The Need for SOX Compliance Training
Offering SOX compliance training for your finance staff is one part of an overall strategy for helping to ensure compliance. Effective SOX compliance training can help your business avoid mistakes that can lead to costly penalties while allowing your staff to be more effective in their operations.
SOX compliance training helps your employees understand not only the basic requirements of SOX, but also the minor details that, if ignored, could significantly impact your business.
eLearning for SOX Compliance Training
In recent years, as online technologies have continued to evolve, eLearning has emerged as a cornerstone approach to providing SOX compliance training for employees.
Unlike classroom-based training, eLearning provides a cost-effective and convenient learning model that can be quickly and easily implemented along with powerful supporting tools for student onboarding, communication, collaboration, engagement, and analysis.
LMS Portals offers a powerful cloud-based platform that allows you to run your SOX Compliance training on your own branded eLearning portal.