What accountants should know about SOX
The Sarbanes-Oxley Act (SOX) is a United States federal law passed in 2002 as a way of overseeing accounting practices in publicly held companies. While this law primarily focuses on auditing and compliance, it involves many different aspects that affect business performance. For example, SOX also puts in place requirements for management teams, data security protocols, and internal control reports.
The SOX law was written in response to the wave of accounting scandals in the early 2000s. Therefore, its primary role is to increase transparency in financial reports while establishing a formal system where such documents can be internally and externally verified.
Understanding SOX and how it applies to accountants
SOX is a company-wide law, but it also applies specifically to accountants. This is because accounting professionals are involved in many different aspects of financial reporting. From bookkeeping to valuation and even the implementation of information systems, accountants play a critical role in the financial success of any public corporation.
Similarly, accountants may be involved in representing an inaccurate image of any company’s performance. SOX laws were designed to oversee these aspects of the financial process and minimize instances of fraud.
As an accountant, you may be wondering which specific aspects of SOX apply directly to you. SOX is not just a legal burden that public corporations need to adhere to. Indeed, it is a good business practice to implement SOX because it can help detect and prevent accounting fraud, prevent data theft, and also limit cyber security attacks. But what should you specifically know about SOX as an accountant?
SOX: What accountants need to know
Yearly independent audits are a requirement
The core SOX requirement that applies to accountants is mandatory yearly audits. Public corporations are required to undergo an external audit of their financial records to ensure that all the information reported is accurate. These audited statements are relied upon by investors, government officials, and other stakeholders when assessing the performance of the business.
You may be hired as an external auditor to carry out SOX audits for clients. If so, you’ll need to verify the client company’s financial statements and check them for accuracy. This involves comparing the current statements to previous years—and identifying any possible areas of concern.
Effective internal audits smooth the external auditing process
For any business to have a successful external audit, internal auditing also needs to be as accurate as possible. External auditors will rely on internal reports and software systems to access public company information. If these systems are not in good shape, the external audit may be delayed. Auditors may also have additional concerns regarding your company’s financial statements.
As an accountant working for a specific public corporation, you should ensure that all SOX compliance tools are updated, organized, and easily accessible. More specifically, implement access controls for both physical and electronic financial records. You should also have a data security plan to avert cyber security threats, including advanced backup tools to prevent data loss.
All accounting firms must register with the Public Company Accounting Oversight Board
If your accounting firm is involved in auditing public companies, you’ll need to register with the Public Company Accounting Oversight Board. This board is made up of CPA and non-CPA members. Their primary role is to oversee external audits and investigate any auditing issues done on public companies. They can also impose sanctions on companies and individuals for violating SOX regulations.
Accounting firms involved in external audits need to sign up for this board so they can follow the required standards and auditing requirements.
Financial records must be personally certified by board members
The SOX law (under section 302) also requires management (particularly CEOs and CFOs) to certify that all financial statements are accurate and complete. This places additional responsibility on accountants working in these firms.
If you’re involved in preparing financial statements for a public corporation, the accuracy of these documents may directly impact your CEO or CFO. All relevant financial statements must be personally certified by these company professionals. Certification also includes an acknowledgment that information security has been adhered to. This is why accountants can expect scrutiny from management when audit season comes around.
Fraud and purposeful destruction of records constitutes criminal penalties
Previous company records are a critical resource during auditing and financial accounting practices. SOX laws stipulate that companies may suffer criminal prosecution for purposefully destroying such records- or failing to keep these records for at least 5 years back.
Accountants working within public corporations should take record maintenance very seriously. All workpapers should be properly arranged, stored, and accessible by regulatory agencies when requested.
Due to previous cases of record destruction to cover up possible fraud, the SOX act proposes stiff penalties (up to 10 years imprisonment) for anyone who knowingly destroys financial statements and other similar records.
Limitations for consulting services
Many accounting firms also provide consultancy services to clients. Consulting is a highly profitable practice as it helps companies streamline their operations and identify opportunities for growth/improvement. However, the SOX law prohibits public companies from receiving certain consulting services from their auditor. These limitations are put in place to prevent conflict of interest that may also result in financial fraud.
If you offer consulting services to a public company, be aware that you can’t consult to a company that you also audit within the following service areas:
Bookkeeping services
Actuarial services
Information systems consulting
Appraisals
Investment banking
Valuation
Any consultancy services that are offered to the publicly held company that you also audit will need to be pre-approved by the audit committee. These services must also be disclosed in the financial statements for investors to review.
As an accountant, knowing the applications and implications of SOX will make you a valuable resource. Companies are looking for accounting professionals who can also help them with SOX compliance in many different ways. From internal audit preparation to information systems management and external auditing, accountants with SOX knowledge are in high demand across the country.