Sarbanes-Oxley: Ready for Section 404?

The Sarbanes-Oxley Act (SOX), or the Public Company Accounting Reform and Investor Protection Act, was enacted in 2002 to protect the American public’s interests. SOX is being relied on to spot incidents of fraud, lack of internal controls, and suspicious business practices.

SOX was enacted in July 2002 and is the most important U.S. legislation to affect corporate governance, financial disclosure, and public accounting since the 1930s. Since it addresses corporate fraud, SOX helps to bolster the public’s confidence in the economy and in investing. SOX does this by monitoring the monitors, i.e., the financial auditors and company executives, as well as, statements of assets and revenues.

Section 302 of the act, requiring CEOs and chief financial officers to certify financial results, is already in effect. Now Section 404 calls for management to evaluate all the processes involved in producing a financial report. This will affect companies with fiscal years ending on or after June 15, 2004.

Under SOX, a publicly traded company is governed by the Securities and Exchange Commission (SEC) rules. It is subject to ongoing inspections over a period of one to three years. Inspectors will look for violations such as inaccurate accounting or evidence of personal loans extended to company executives. Companies must keep a seven-year record of all accounts for audit purposes. Their annual reports must include an internal control report stating that management takes responsibility for what is reported.

Failure to comply with SOX requirements is serious. If accounts are found to be inaccurate, for example, the CEO and CFO must forfeit their bonuses and other compensations. It could also result in a prison term or fines of up to $25 million, depending on the degree of negligence detected.

Even non-publicly traded companies are expected, over time, to abide by the spirit, intent, and letter of the law because the standardization and integration required by SOX can help any company improve its business processes.

The Sarbanes-Oxley Act is forcing organizations to rethink basic business procedures that they’ve come to take for granted. But for some companies, the smarter ones, SOX is about more than just compliance. These firms are asking, “How do we comply and improve our business capabilities at the same time?” To avoid being “socked” by SOX, go to IBM’s Forward View magazine at <> for more information.

Since SOX calls for monitoring the monitors, then your internal quality audit program could have a role to play. Consider expanding the scope of your internal audits to include financial processes and use SOX as one of the audit criteria.