1. Have a Written SOX Compliance Policy in Place
An organization's SOX compliance policy should set out the specific financial controls and procedures required to comply with the Sarbanes-Oxley Act. The policy should be approved by the board of directors and be made available to all employees.
2. Implement Segregation of Duties
One of the key financial controls mandated by Sarbanes-Oxley is segregation of duties. This means that employees responsible for critical financial tasks should not be responsible for other tasks that could potentially compromise the accuracy of financial reports. For example, an employee who prepares financial statements should not be responsible for recording transactions.
3. Establish and Implement Financial Controls
Organizations must put in place a number of financial controls in order to protect shareholders and investors. Financial controls may include measures such as approval limits for transactions, segregation of duties, and policies and procedures for accounting and financial reporting.
4. Conduct Periodic Reviews of Financial Controls
Organizations should conduct periodic reviews of their financial controls to ensure that they are still effective and appropriate. The reviews should be conducted by individuals who are independent of the organization's finance department.
5. Maintain Accurate Books and Records
Organizations must maintain accurate books and records in order to ensure that financial information is reliable and can be verified. Books and records should be kept up to date and should accurately reflect the organization's financial position.
6. Report Any Material Weaknesses to the Board of Directors
If an organization identifies a material weakness in its internal control over financial reporting, it must report this to the board of directors. A material weakness is a deficiency or combination of deficiencies in internal control that could reasonably impact the accuracy or completeness of an organization's financial statements.
7. Cooperate With Investigations by the SEC or Other Regulatory Agencies
If an organization is being investigated by the SEC or another regulatory agency, it must cooperate fully with the investigation. Employees must provide requested information and documents, and may not destroy any evidence or obstruct the investigation in any way.
8. Comply With All Applicable Laws and Regulations
All organizations must comply with all applicable laws and regulations, including those related to accounting, auditing, and securities trading. Violation of any law or regulation can lead to civil or criminal penalties.
9. Adopt and Maintain Ethical Standards of Conduct
All organizations should adopt and maintain high ethical standards of conduct. Employees should be expected to act in accordance with the organization's ethical code and should be held accountable for any violations.
10. Foster a Culture of Compliance Within the Organization
Organizations should foster a culture of compliance in which employees are aware of and committed to complying with all applicable laws and regulations. Employees should be encouraged to report any potential compliance issues. Managers should set the tone from the top by modeling ethical behavior and promoting a culture of compliance.