Think Sarbanes-Oxley Only Applies to Public Companies? Think Again

The Sarbanes-Oxley Act has been part of the accounting world since 2002, when big corporate accounting scandals were making the headlines. Small business owners may think that the act is only applicable to public companies; that is, however, not the case. Parts of the act are applicable to all businesses, irrespective of their size. Mike Whitmire, CEO and co-founder of FloQast, sheds some light on the matter.

Accountants in public companies have been familiar with the requirements of Sarbanes-Oxley, also known as SOX, since it was signed into law in 2002. But for many smaller, private companies, SOX can be a bit of a mystery. However, just because a company is smaller doesn’t mean SOX should be ignored.

The impetus for SOX was a series of accounting scandals in the late-1990s and early-2000s that made headline news. The biggest of them was Enron in 2001, which resulted in employees losing an estimated $1 billion in their pensions when the company went bankrupt. Enron’s downfall even brought down venerable Big Five accounting firm Arthur Andersen for its role in the fraud and subsequent coverup.

What Is the Purpose of SOX?

SOX was introduced with the intention to prevent corporate fraud, improve the reliability of financial reporting, and restore investor confidence. By requiring companies to present a complete picture of their finances, SOX also improves corporate transparency. Perhaps most important of all, the CEOs and CFOs are responsible for the integrity of their company’s financial reporting. Previously, enforcement of violations of securities laws was difficult. Under SOX, executives can go to jail if they violate the law. 

Which Companies Does SOX Apply To?

All SOX provisions apply to publicly-traded U.S. companies and their auditors. Privately-held companies don’t need to comply with the reporting requirements, but they are subject to the penalty and liability provisions. Penalties can include massive fines or even jail time.

SOX compliance is one of the more daunting hurdles for any company planning to go public, so private companies that plan on going public or being acquired by a public company might consider adopting SOX-related accounting guidelines from the beginning.

What Is the Sarbanes-Oxley Act?

SOX consists of 11 sections. Here are the most important parts of the law:

  • Section 201: External auditors must be independent of the company they are auditing. This means audit firms can’t provide bookkeeping, banking, business valuation, investment advice, consulting, management, or design and implementation of record-keeping systems for their audit clients.  
  • Section 302: This section establishes corporate responsibility for financial reporting. The CEO and CFO must sign off that the financial statements are not misleading, are materially correct, and that they are responsible for internal controls. Any shortcomings in internal controls and any fraud must be disclosed.
  • Section 401: Financial statements can’t be misleading and must be materially correct. They must disclose all material off-balance sheet loans, agreements, or other transactions. 
  • Section 404: Management must evaluate the design and implementation of internal controls. Any shortcomings must be disclosed. External auditors need to evaluate whether management is correct in their assessments of internal controls. 
  • Section 409: Any major changes to financial conditions, operations, or key personnel must be promptly disclosed by management.
  • Section 802: This section imposes severe criminal penalties for altering, concealing, or forging documents in any bankruptcy, IRS audit, or other federal investigation. Documents must be retained for at least five years. External auditors can also face criminal penalties if they are involved in any coverup. These penalties apply to all companies, whether public or private.
  • Section 806: Whistleblowers within a company must be protected.

For many companies, the most arduous part of SOX is Section 404, which requires companies to assess how well their internal controls are working and have an external auditor further attest to those controls. SOX 404 audits can be pricey.

Fortunately, the SEC and the Dodd-Frank Act of 2010 carved out exemptions for smaller public companies. Under SEC rules adopted in March of 2020, companies with less than $100 million in annual revenue are exempt from the auditor-attestation part of Section 404. Dodd-Frank exempted companies with a public float of less than $75 million from the auditor-attestation. 

How Does This Impact Private Companies?

As I stated above, private companies are exempt from the financial reporting provisions of SOX. Still, they are not exempt from the penalty portions, which may come as a surprise to many small business owners. These penalties can include up to 20 years in prison for altering or destroying documents in a federal investigation, including IRS audits — or fines of up to $5 million. 

However, as companies, investors, and audit firms have become more familiar with the law, many of the provisions have become accepted as “best practices” for growing companies. 

SOX compliance has become accepted as a cost of going public. 

Financial fraud and embezzlement happen when internal controls are weak. Internal controls ensure that what’s reported in a company’s financial records reflects what actually happened and that the transactions are not artificially inflated to boost the appearance of good performance. They also make it harder to commit fraud, theft, or other financial misdeeds. This makes the requirements in Sections 302 and 404 to establish, document, and strengthen internal controls a best practice for companies of any size. 

One of the simplest yet most effective internal controls is the reconciliation process, which compares a company’s financial records to a different source, often a third-party source such as a bank statement or credit card statement.

What Are the Benefits of SOX?

Now that SOX is nearly two decades old, it’s clear that the initial fears that SOX would inhibit investment in startups and discourage companies from going public were overblown. Markets have benefited from reliable and more transparent reporting, and frauds have been reduced. Within companies, a surprising benefit has been improvements to processes with a reduced reliance on error-prone manual processes. Companies have better quality information, and many have seen improvements in operational efficiencies by simplifying complex processes.

While the threat of jail time or massive financial penalties is frightening, it may have helped improve the integrity of financial reporting overall. However, even that won’t prevent all fraud. It’s still up to all the honest accountants out there to look for suspicious activity and to speak up when we see it.
