-
7/31/2019 Sarbanes
1/3
Sarbanes-Oxley For Dummies
Enacted in the wake of corporate mismanagement and accounting
scandals, Sarbanes-Oxley (SOX) offers guidelines
and spells out regulations that publicly traded companies must
adhere to. Sarbanes-Oxley guidelines offer best-
practice principles for any company, especially those providing
services to other businesses bound by SOX.
How to Limit Corporate Liability after Sarbanes-Oxley
The Sarbanes-Oxley Act (SOX) provides a legal model for running
corporations of all sizes, regardless of whether
theyre publicly traded and technically subject to SOX. The best
legal minds agree that good liability-limiting
governance after SOX requires corporations to do the
following:
Evaluate your board members. After SOX, shareholders expect the
directors who sit on the boards that run
companies to be independent and financially literate.
Create the correct kinds of committees. After SOX, well-governed
companies of all sizes break their board
members up into audit committees, nominating committees,
compensation committees, and maybe even
disclosure committees.
Get good counsel forcorporate officers. The legal trend is that
chief executive officers (CEOs) and chief
financial officers (CFOs) are held responsible for everything
that appears on financial statements. CEOs and CFOs
need good legal counsel inside and outside the company to help
them ask questions and spot issues necessary to
reasonably protect these officers from liability.
Set defensive communication standards. When a legal battle
ensues, communications processes within the
company are scrutinized. Establish clear communication
procedures that reflect responsibility and accountability
within the company.
Know the hidden risks to board members. Board members are
responsible to shareholders and third parties
that rely on the companys financials. Even in small, private
companies, board members can be sued by creditors
and third parties that rely on the financial statements.
Know when to say no to a Section 404 auditor. Attorney opinions
can be instrumental in cutting Section 404
costs in a companys first year of Section 404 compliance.
Attorneys can help cut costs in the Section 404 process
by identifying areas in which legal liabilities and exposures
are minimal.
Dont treat whistle-blowers like whiners. Whistle-blowers are
people who alert the company to breaches of
internal policy and government regulations, and they must be
treated with special care after SOX.
Know when to file an 8-K report. SOX Section 404 contains a list
of seemingly routine events in the life of a
corporation that call for the filing of an 8-K report. These
events include (among many others) changes in
management and loss of a major client. Know these triggering
events.
Figure out whether your company needs an SAS 70 Form.Even small
companies that technically dont have to
comply with SOX Section 404 may be asked to provide
certifications about their internal control to their clients
who
do have to comply using this form.
-
7/31/2019 Sarbanes
2/3
Sarbanes-Oxley Practices for Good Corporate Governance
Sarbanes-Oxley (SOX) was passed to combat corruption at big
public companies like Enron, WorldCom, Tyco,
Adelphia, Global TelLink, HealthSouth, and Arthur Andersen. But
small and not-for-profit companies are finding they
have no choice but to adopt many of the same standards if they
want to get insurance, attract investors and donors,
and repel lawsuits. SOX compliance is becoming a portfolio
building block that no company can ignore. Heres what
to do:
Form an audit committee. Yourcompanys audit committee should
consist of independent directors who sit on
the board and ensure the integrity of your companys audit
process. After SOX, its tough to explain to investors
and regulatory authorities why your company never got around to
convening an audit committee.
Combat Section 404 audit-chondria and policy paranoia. Auditors
and governance officers want to shine by
conscientiously complying with SOX Section 404. However, they
have to do their jobs within the bounds of budget
and reason. Not every audit issue deserves full-throttle
testing, and not every trivial process needs accompanying
polices and controls.
Prevent whistle-blower complaints from becoming lawsuits. Every
company has its share of complainers and
malcontents. However, when employee or vendor complaints regard
matters than can affect the companys
financial statements, the issues need to be fully documented and
vetted.
Keep a lid on insurance premiums. Increasingly, insurance
companies are looking at SOX compliance as an
unofficial underwriting criterion in quoting officers and
directors liability policies and other coverage relative to
companies exposure. Put simply, SOX compliance can save premium
dollars.
Be credible in raising capital. No investor or donor wants to
assume unnecessary risk. Documenting your
companys compliance with the relevant aspects of SOX shows
creditors and donors that your company operates
in an ethical, controlled environment and that its future growth
is a good bet.
Deal with real data in making decisions. No company can make
good decisions if its financial data is
speculative and its procedures are hazy. The good news about SOX
is that it has created spinoff software tools
and checklists to help your CEOs, CFOs, and other management
team members get a handle on whats
happening with your company.
Figure out if SAS 70 applies to you (even if the rest of SOX
doesnt). If your company provides services to
publicly traded companies, your clients may be asking you for an
SAS 70 report. Even if you dont have to comply
with SOX, your customers may have to document that they only
outsource to service providers with good internal
controls in place and may be looking for you to provide the
appropriate SAS 70 documentation.
Communicate about control. When a company experiences a breach
of ethics or internal control, its important
to be able to trace the company communications to see where the
breakdown occurred. Clear communications
about controls, procedures, and ethics can protect conscientious
management and employees at all levels while
laying the blame on those attempting to circumvent SOX
standards. The SOX spinoff market has produced tools
and checklists to test communication as well as other types of
control.
-
7/31/2019 Sarbanes
3/3
Prepare management for new levels of liability. SOX places more
responsibility (and potential liability) on
management than ever before. Management needs to understand what
it can no longer delegate under SOX and
develop a strategy for maintaining control over what can be
handed off to others.
Adopt a code of ethics, and mean it. Every company should adopt
a simple code of ethics and communicate it
to everyone in the organization. In any company, new situations
that arent covered by specific policies will arise.
However, in the post-Enron era of SOX, the companys code of
ethics should cover everything.
