17 Feb Sarbanes Oxley 101
A Quick Guide to The Sarbanes Oxley Act
Publicly traded companies and foreign companies with U.S. securities are now subject to compliance with the Sarbanes Oxley Act (SOA) of 2002. After several major cases of corporate fraud that caused economic instability, Sarbanes Oxley was introduced as a means of monitoring large corporations to ensure that they are operating legally, as well as providing a stronger framework for bringing criminal charges against companies that are deliberately committing fraud against their shareholders. The primary byproduct of this act is a stringent requirement for monitoring of all sensitive financial data, and a burden upon companies to prove that they are doing everything in their power to protect their investors against fraud and data breaches. As of 2006, all companies are expected to be in compliance with the SOA and will complete regular audits in order to maintain their place in publicly traded markets.
The first section of the Sarbanes Oxley Act is the establishment of a governing body to oversee compliance. This has been realized in the Public Company Accounting Oversight Board (PCAOB). The PCAOB was given three specific objectives:
- Qualifying and registering auditors.
- Defining the auditing process by which companies will be deemed in compliance.
- Actually monitoring companies for compliance with the mandates and for quality.
In addition to outlining the implementation of the SOA from the outset, the PCAOB continues to track progress and make amendments to their operational standards. They regularly issue updated protocols for auditing as well as providing helpful hints to companies that are designed to make the process easier on them.
One of the primary goals of Sarbanes Oxley is for companies to keep more detailed and accurate financial records on file. These records are to be certified by the principal officers of the company once per quarter as being verified for integrity. Corporate officers are now expected to take personal responsibility for the financial reports that they sign off on, and can be punished with both criminal fines and jail time for knowingly falsifying financial reports or for failing to report data tampering to auditors.
The reports themselves also cover a far wider range of financial data than they did in the past. In addition to reporting quarterly and annual earnings, companies are now expected to report the stock exchanges made by their executive officers, any transactions such as brokerage or asset management that are not included on their internal balance sheets, and more. This information is used to build a more complete picture of how the company is performing, as well as creating multiple checkpoints by which auditors can find weaknesses in the data being provided. The overall result has been that companies are taking steps to improve their own financial tracking systems and are ultimately benefiting from the detailed information and increased efficiency that they are finding once they meet compliance guidelines, while investors have a greater sense of security knowing that their risks are being well managed.
In addition to creating a more complete set of financial statistics by which to measure a company’s viability, Sarbanes Oxley also took drastic measures to ensure that data is being collected without interference. The SOA took steps to identify corporate fraud as a criminal offense that carries specific penalties which were previously undefined. It also states that executive officers are liable for the data that is being reported, and that they have a legal responsibility to report any cases of known fraud or tampering with the information. In addition, the SOA went one step further to protect whistle-blowers from retaliation in cases where an individual does make a report of fraud. By creating clearer definitions for white collar crime, and corporate and criminal fraud, the SOA has made it imperative that companies take every possible step to prevent manipulation and destruction of financial data.
Along with declaring accountability for corporations, Sarbanes Oxley also includes provisions for investigation into credit rating agencies, investment banks, accounting firms and individual brokers and advisers. The PCAOB set out to determine whether the corruption that led to major fraudulent activity in the past extended to other spheres of finance and allows them to hold accountable those players who were also responsible for damaging the market. Lastly, they have set forth the standards by which brokers and advisers are vetted and are allowed to practice by meeting minimum educational, background check and other prerequisites.
Probably the most influential part of Sarbanes Oxley on a day to day basis is the need for increased IT solutions for tracking and securing financial data. In order to reach compliance with the SOA, companies are expected to adopt a series of protocols set forth by a combination of COSO, COBIT and ITGI. Each of these provides a framework by which companies can meet minimum standard requirements for the creation, maintenance and reporting of financial data. Corporations are also expected to have a well-designed system of fail safes to prevent data tampering that can be tested for reliability at regular audit points. Companies need to have a clear protocol for handling data breaches, isolating damage, and notifying investors when there is a threat. All access to sensitive data must be monitored and records of specific dates, times and individuals who have accessed the information must be available to SOA auditors.
Implementing these security systems has been a major challenge for some companies, but the overwhelming majority have found that there are significant returns on investment when done right. For instance, SOA compliant companies are better able to streamline their reporting systems, eliminate waste and preserve investor trust when they are better equipped to handle threats to their system. As a general rule, both companies and investors have benefited from the SOA in measurable ways.
Any company that is publicly traded and needs to meet minimum Sarbanes Oxley mandates should have the necessary means by following the most recent PCAOB guidelines. In unity with the PCAOB, industry standards like COBIT, COSO and ITGI provide specific directions for achieving compliance in a straightforward and cost effective way. While the initial goal of the SOA was to hold companies accountable for the financial data that they publish and improve investors’ faith in the system through regular monitoring, there have been substantial improvements made in data security as a direct result. In an effort to implement SOA compliance effectively, companies are encouraged to consult with and hire experts who specialize in meeting these standards as temporary team members. This provides a cost effective way for companies to overcome the immediate hurdle of adherence by taking advantage of an SME’s knowledge and previous experience while also providing a smooth transition to a self-regulated system over the long term.
The Griffin Groupe provides qualified experts on the subject of Sarbanes Oxley in the form of temporary employees to help get any company up to date with the latest guidelines and industry standards. For more information about their corporate executive recruiting network, visit The Griffin Groupe online.