How do Sarbanes Oxley Compliance Requirements Affect Your Organization?
- Christopher Dale, Content Marketing Manager, ThriveDX's Enterprise Division
Chief Financial Officers are prime targets for cyberattacks. You may remember the hacker group that targeted 35,000 CFOs with phishing emails.
Beyond stealing money, attackers can expose a company's financial secrets. Many financial institutions must provide security awareness training for compliance reasons.
Another compliance regime related to accounting is the Sarbanes Oxley Act of 2002 (SOX), passed in response to major corporate accounting scandals.
How do Sarbanes Oxley compliance requirements affect you and your organization?
Designed to protect investors, SOX Act requirements strengthen the accuracy and reliability of financial disclosures made by public companies. To ensure transparency and accountability, SOX sets out requirements that public companies must follow in their financial reporting.
While many companies find Sarbanes Oxley compliance requirements costly and time-consuming to implement, they are essential for protecting investors and maintaining public trust in the markets.
What triggered the Sarbanes Oxley Act?
Before Sarbanes Oxley, federal securities law did not require executives to personally certify the accuracy of their companies' financial reports, and accountability for misstatements was correspondingly weak.
Several high-profile cases, including Enron and its auditor Arthur Andersen, exposed these gaps and precipitated a massive drop in public trust.
Enron illuminated many weaknesses in financial reporting systems.
Enron executives used creative accounting techniques to hide the company’s true financial condition. When the truth finally came out, investors lost billions of dollars while executives took home millions in bonuses.
In response to Enron and other financial scandals, such as those at Peregrine Systems and WorldCom, Congress passed the Sarbanes Oxley Act.
Sarbanes Oxley Compliance Requirements are designed to hold corporate executives more accountable for their actions while providing investors with more information about a company’s financial condition.
Executives can no longer claim unawareness of internal accounting inside their companies to escape responsibility.
SOX Act requirements established a duty of care, meaning executives had to take reasonable steps to ensure accurate financial statements.
Sarbanes Oxley Compliance Requirements: Key Provisions
The SOX Act is organized into 11 "titles," each divided into sections, addressing corporate governance, auditor independence, and financial disclosure. Together they are extensive requirements that touch most aspects of how a public company reports on its finances.
Here are some key elements of SOX that drive compliance:
- Public Company Accounting Oversight Board (PCAOB)
The SOX Act created the PCAOB, a nonprofit corporation overseen by the Securities and Exchange Commission (SEC), to supervise the audits of public companies. It sets audit standards, inspects accounting firms, and takes disciplinary action against firms and individual accountants who violate those standards.
- Independent Auditors
Public companies must engage an independent accounting firm to audit their financial statements annually. SOX also restricts the additional services these firms provide to prevent conflicts of interest.
- Internal controls assessments
Public companies must implement adequate internal controls to ensure accuracy and completeness in their financial reporting. The effectiveness of those internal controls must also be periodically reviewed and assessed.
- Corporate responsibility
Under SOX, the CEO and CFO of a public company are personally responsible for certifying the accuracy of financial statements. If statements are later found inaccurate or misleading, the executives can be held liable; "unawareness" is no longer a defense. The CEO and CFO must also attest to the effectiveness of internal controls.
- Financial disclosures
SOX requires public companies to provide a great deal of information about their financial condition, including off-balance sheet arrangements, related party transactions, and pro forma results.
They must also provide detailed information about their accounting policies and practices. Financial statements must be prepared in accordance with GAAP (Generally Accepted Accounting Principles) and audited by an independent accountant.
- Corporate Fraud Accountability
SOX creates new crimes and increases penalties for fraud and corporate misconduct, while empowering law enforcement agencies to investigate and prosecute these crimes.
Sarbanes Oxley: Improved Corporate Governance and Financial Disclosure
Frequently criticized for being overly burdensome, SOX requirements can adversely affect smaller companies.
One of the most controversial provisions of the SOX Act is Section 404, which requires publicly traded companies to establish internal controls and procedures for financial reporting. They must document, test, and maintain those controls to ensure their effectiveness: management must assess the controls annually, and for larger filers an external auditor must attest to that assessment. The cost of Sarbanes Oxley compliance can run into the millions.
SOX Act Requirements: Whistleblower Protection
To ensure that employees feel comfortable reporting fraud and misconduct, SOX includes a provision that protects so-called whistleblowers reporting such activity.
Before this law passed, there were few federal protections for employees who spoke up about illegal or unethical behavior. They could be fired or blacklisted from the industry.
The Sarbanes Oxley Act makes it illegal for employers to retaliate against employees who report misconduct or participate in a fraud investigation. This protection applies to both current and former employees.
This protection is essential because it encourages employees to come forward with information about wrongdoing without fear of reprisal.
If whistleblowers are retaliated against, they can file a complaint with the Department of Labor and, if successful, obtain reinstatement, back pay with interest, and compensation for special damages such as legal fees. The cash award that many people associate with whistleblowing, a share of the sanctions collected in a successful enforcement action, comes from the separate SEC whistleblower program created by the Dodd-Frank Act of 2010, not from SOX itself.
SOX Act Requirements: The Cost of Non-Compliance
If a public company does not comply with SOX, it faces several potential consequences.
The most serious is delisting the company from the stock exchange. Delisted companies can no longer trade and often find it difficult to raise capital.
Other potential consequences include fines, imprisonment, and debarment from doing business with the government. This can devastate a company that relies on government contracts.
Officers who certify a financial report that does not meet SOX requirements can be held personally liable. Under Section 906, knowingly certifying a non-compliant report carries a fine of up to one million dollars and up to 10 years in prison; willful violations carry a fine of up to five million dollars and up to 20 years in prison.
A Final Word on Sarbanes Oxley Compliance Requirements
Despite its critics, the Sarbanes-Oxley Act has had a significant impact on corporate governance and financial disclosure.
It has made executives more accountable for the accuracy of their financial statements, and increased the transparency of corporate accounting practices.
Overall, Sarbanes Oxley compliance requirements have helped restore investor confidence – something much needed in the wake of corporate scandals in the early 2000s.
For more information on ThriveDX enterprise security training programs, please visit us at https://thrivedx.com/for-enterprise.