SOX Act of 2002

SOX Compliance

Software for SOX


Last updated



Welcome to Sarbanes Oxley 101

The Sarbanes-Oxley Act of 2002, sponsored by Paul Sarbanes and Michael Oxley, represents a huge change to federal securities law. It came as a result of the corporate financial scandals involving Enron, WorldCom and Global Crossing. Effective in 2006, all publicly-traded companies are required to implement and report internal accounting controls to the SEC for compliance. In addition, certain provisions of Sarbanes-Oxley also apply to privately-held companies.

Executives who approve shoddy or inaccurate documentation face fines of up to $5 million and jail time of up to 20 years.

Is Your Organization SOX Compliant for 2017?

Provisions of the Sarbanes-Oxley Act (aka SoX, Sarbox or SOA) detail criminal and civil penalties for noncompliance, certification of internal auditing, and increased financial disclosure. It affects public (and private) U.S. companies and non-U.S. companies with a U.S. presence. SOX is all about corporate governance and financial disclosure.

The Sarbanes Oxley Act requires all financial reports to include an Internal Controls Report. This shows that a company's financial data accurate and adequate controls are in place to safeguard financial data. Year-end financial dislosure reports are also a requirement. A SOX auditor is required to review controls, policies, and procedures during a Section 404 audit.



SOX auditing requires that internal controls and procedures can be audited using a control framework like COBIT. Log collection and monitoring systems must provide an audit trail of all access and activity to sensitive business information.

Sarbanes-Oxley also encourages the disclosure of corporate fraud by protecting whistleblower employees of publicly traded companies or their subsidiaries who report illegal activities. Section 806 of Sarbanes Oxley the Act authorizes the U.S. Department of Labor to protect whistleblower complaints against employers who retaliate and further authorizes the Department of Justice to criminally charge those responsible for the retaliation.

SOX affects private companies too

Certain provisions of Sarbanes-Oxley also affect private-held companies. For example, intentionally destroying, altering or falsifying documents with the intention of impeding or influencing a federal agency investigation or a federal bankruptcy proceeding carries fines and up to 20 years imprisonment. In addition, whistleblower protection applies, such as retaliating against someone who provides a law enforcement officer with information relating to a possible federal offense, and is punishable by up to 10 years imprisonment.

SOX affects accounting firms

Sarbanes-Oxley builds a firewall between the auditing function and other services available from accounting firms. The firm that audits the books of a publicly held company may no longer do the company's bookkeeping, audits, or business valuations, and is also banned from designing or implementing an information system, providing investment advisory and banking services, or consulting on other management issues.

SOX affects HR departments

Sarbanes-Oxley contains mandates regarding the establishment of payroll system controls. A company's workforce, salaries, benefits, incentives, paid time off, and training costs must be painstakingly accounted for under Section 404 of Sarbanes-Oxley. SOX requires certain employers to adopt an ethics program that include a codified code of ethics, a communications plan, ans staff training.

SOX is expensive to implement

According to a 2008 SEC survey of officers at public companies, Sarbanes-Oxley cost the average company $2.3 million annually in direct compliance costs, including staff time, documentation, and external audits, compared with estimates of $91,000 in annual costs before the Sarbanes-Oxley Act was passed.