SOX Compliance Requirements, Controls Checklist For 2021 - SoxLaw
SOX Compliance
Financial Reporting
Companies must provide periodic financial reports that have been
audited by independent auditors. SOX includes rules to ensure that
auditors are truly independent. One important provision is that the
accounting firms that provide audits cannot provide any other
services to the firms they audit, such as consulting or tax advice.
Financial statements must comply with Generally Accepted
Accounting Principles
(https://www.investopedia.com/terms/g/gaap.asp) (GAAP). The
statements must fairly represent the financial state of the
company, and the signing officer(s) certify that to the best of their
knowledge there are no untrue or misleading statements or
omissions in the reports. Reports are to include off-balance-sheet
transactions.
Internal Controls
Whistleblower Protections
Criminal Penalties
This is the part that can keep corporate CEOs awake at night: SOX
makes the “signing executives,” typically the Chief Executive Officer
and Chief Financial Officer, personally and individually responsible
for the attestations they are required to make. The penalty for filing
a false or misleading report can be up to a $5 million fine and 20
years of jail time. In order to provide some protection for
themselves, many CEOs now require “sub-certifications.” They
require lower-level executives, for example division or subsidiary
heads, to make the same type of certifications regarding their
operations that the CEO has to make for the company as a whole.
The CEO’s hope is that in the event there was something
fraudulent in a subsidiary somewhere, the CEO could claim they
relied on the certification of the responsible executive, so they did
not “knowingly” submit a false report.
Plan ahead
Make sure you have a clear timeline established for when each
procedure and report must be in place. Have both a short-term
plan for the current year and a longer-term plan leading up to the
time when you need to be fully compliant.
Risk assessment
By the time a company has gone public, the chances are very good
that it will be big enough and will have complex enough processes
that it would be a very heavy financial burden to fully test and
evaluate each individual control in the company’s processes. A
proper risk assessment can be a very helpful tool in identifying the
areas where the company might be exposed to a higher level of
risk. It makes sense to focus testing and validation on the
processes where there is the greatest risk of a potential violation.
In order to pass your audit with a minimum of cost and stress, it’s not
enough to have good internal controls in place: those controls need to be
thoroughly documented. Information flow and lines of authority are
especially important. Procedures that are intended to prevent or
detect flaws should be particularly well documented.
Pay attention to IT
You need to make sure your controls work, especially the key
controls that have been identified by your risk assessment.
Fix deficiencies
The testing process is likely to turn up some things that didn’t quite
work as expected. That’s OK: that’s why you test, to find the weak
spots, and take corrective action. Major deficiencies, ones that
could have a material impact on the company, have to be reported
to the public in a 10-K.
Communicate
With all of the details that go into SOX compliance, there are
companies that have developed software tools to help companies
make sure they are fully compliant. Such software is typically used
as an adjunct to the SOX compliance checklists: the checklists tend
to focus on the bigger picture, and SOX compliance software
(https://www.soxlaw.com/sox-compliance-software/) can help with
all of the many details.
SOX audit
Conclusion