How to Implement SOX Compliance

The Sarbanes–Oxley Act of 2002, also referred to as SOX, is designed to prevent more financial debacles like Enron and WorldCom. Since 2003, CEOs and CFOs of public companies must swear under oath that their companies' financial statements are complete and accurate. In other words, SOX compliance requires management ethics, security and monitoring to be in place. If fraud is discovered, the company's leaders could spend up to 10 years in prison and pay fines. Proper SOX compliance is vital for public companies and helps restore confidence in the stock market as an investment opportunity.

Share the company ethics policy regarding fraud. It should be clearly stated in the employee handbook that altering numbers to entice investors is illegal. Emphasize the consequences for noncompliance with accounting procedures, including termination and prison. For example, every publicly traded company must use GAAP (generally accepted accounting principles) to comply with federal compliance standards. FASAB.Gov has guidelines to help public companies prepare financial documents to meet the legal stipulations of SOX using GAAP. Use their information to help train workers on SOX compliance and ethics.

Gather the board of directors, managers and other top level employees for a brainstorming session. Discuss what events could prevent the achievement of organizational objectives and how each should be addressed. For example, enterprise risk management will cover financial issues and goal achievement threats to surmount. The overall goal is to focus in four areas such as strategy, operations, reporting and compliance. Each of these must conform to the SOX law and provide a true outlook of the organization's finances.

Designate management personnel to oversee the implementation of SOX compliance. Finance and accounting departments should consult with risk managers to inspect the facility for weaknesses within IT security. Expect to pay a full-time SOX compliance manager at least $77,000 per year, according to This manager will be responsible for ensuring the audit policies mandated in the SOX law are followed.

Monitor IT policy standards for compliance. Follow the nine audit policies. They include: account logon, logon; account management, policy change, process tracking, object access, privilege use, system events and directory service access. These standards help ensure that breaches and suspicious activity are prevented.

Implement software that ensures SOX compliance is achieved. Purchase software that helps automate the compliance steps to reduce additional personnel costs. For instance, Engagent, VISUAL Security Suite or the suggested features mentioned within MetricStream provide automated support, like employee login records. A public company should explore options by learning about the different companies that offer help in organizing financial data securely.

Maintain all audit reports in a secure storage facility. All old financial statements should be stored in locked file cabinets for retrieval purposes. If there is situation where you need to review documents previously filed, they should be within reach for authorized individuals. If the statements are electronically stored, the main server should be in a secure location either on-site or off-site. An on-site server should be housed in a securely locked storage room.