
   Corporate Governance (Sarbanes-Oxley – SOx)


  • The Sarbanes-Oxley Act of 2002 (SOx) (a/k/a the Public Company Accounting Reform and Investor Protection Act, and the Corporate and Auditing Accountability, Responsibility, and Transparency Act) was a swift, overwhelmingly bipartisan reaction to the proliferation of scandals over inaccurate corporate financial reporting that pervaded several giant corporations in the late ‘90s and ultimately led to their spectacular collapses.

  • Although SOx was conceived and passed much faster than other similar laws, the framework for controls it established has become so influential worldwide that it is used as a prototypical model for excellence in global corporate financial reporting. Many countries have since adopted similar (but not identical) SOx-like financial reporting frameworks, guidelines, laws, regulations, rules and statutes, for example: Australia (Corporate Law Economic Reform Program Act); Canada (Keeping the Promise for a Strong Economy Act); France (Financial Security Law); Germany (Deutscher Corporate Governance Kodex); India (Securities and Exchange Board of India – Clause 49); Italy (Law 262/2005); Japan (Financial Instruments and Exchange Act); Netherlands (Nederlandse Corporate Governance Code); South Africa (King Report on Corporate Governance); Turkey (Capital Markets Board of Turkey Regulation Series:X No:19); United Kingdom (“UK SOX”, the current unofficial name for the UK version of SOx, currently scheduled to take effect at the end of 2023).

  • Understanding and complying with SOx is not rocket science; it is actually quite simple. In general, SOx requires every covered company (as a general rule, domestic US companies traded on any US exchange) to implement a rational framework for corporate accounting and public reporting. The covered company uses that framework to generate whatever reports the Securities and Exchange Commission (SEC) may require from time to time; the data in those reports must be independently verifiable and secured, and the reports must be personally signed by whichever executives of the covered company have been designated to do so (either within the SOx requirements themselves or through corporate policies).

  • Although the explanation immediately above may sound overly complex, everything in SOx is simply an updated and codified version of common-sense accounting practices that have developed over time since the Medici first invented double-entry bookkeeping. Some of the modern forerunners of the basic SOx elements described above have existed in one form or another for decades: generally accepted accounting principles (GAAP), the bedrock framework for all standardized modern business accounting, were developed around the time the Securities Act of 1933 and the Securities Exchange Act of 1934 were enacted, and the “CIA triad” of confidentiality (“C”), integrity (“I”) and accessibility (“A”) of sensitive corporate data has been practiced (whether consciously or not) by companies since about 1976.

  • SOx does not mandate in excruciating detail every specific element that must be included in a SOx-compliant plan; rather, it leaves the mechanics of how to comply to the covered company.


  • The most basic, and perhaps most misunderstood, single element of SOx compliance is the internal control: an internal corporate protocol (a/k/a rule), which may be designed by subject matter experts (SMEs) intimately familiar with the corporate process at issue, that documents every step of that process (both in written form and graphically, through standardized corporate flow charts) in order to prove to an independent external auditor that the process can be successfully completed as described.

  • One issue rarely considered in relation to SOx is the pressing need for efficient contracts management. Every enterprise requires contracts with clients, customers, partners, suppliers and vendors in order to function, which is why every enterprise has corporate policies, guidelines, playbooks and risk strategies relating to contracts management, negotiation and retention; these are themselves various types of enterprise internal controls. Poorly negotiated, poorly drafted and poorly managed contracts are therefore forms of noncompliance with those internal controls and may expose the enterprise to catastrophic risk, and manual contracts management performed by apathetic or poorly trained personnel may result in numerous errors. For these reasons, many enterprises have implemented contracts lifecycle management (CLM) platforms to improve compliance with the internal controls noted above, and thus SOx compliance in general. In particular, once all enterprise contracts are digitized, an optical character recognition (OCR) platform can be implemented so that every contract in the enterprise repository can be searched instantaneously by anyone with the proper access permissions, whether manually or through a data mining software platform. CLM platforms also have built-in monitoring, tracking and reporting capabilities, making it easier to generate audit trail reports that streamline SOx auditing and reporting tasks.


  • Drafting and negotiating all SOx-related documents and legal support for all SOx-related tasks.

   Progress_Page_Last_Updated_221104_2159
