U.S. listed companies and subsidiaries of U.S.A listed companies must comply with the Services Oxley Act (SOX). Adopted by the US Congress in 2002, SOX is designed after a series of horrific economic, financial scandals, the enforcement of which aims to enforce corporate governance and accountability through extensive internal controls and balances. SOX require a wide range of expensive registration standards and provide severe penalties for infringements.

Let’s know about what is SOX testing.

The Sarbanes-Oxley Act is the main federal law on financial reporting in force in the USA, introduced in 2002 in order to guarantee transparency in the communications of listed companies and protect investors from fraudulent practices: it defines corporate governance systems and procedures control of an administrative and accounting nature, binding all entities listed on the United States stock exchanges and their subsidiaries, including abroad.

What are the requirements to comply with the Sarbanes-Oxley Law?

Compliance policy- Policies and procedures should clearly explain internal controls, audit mechanisms, and documentation standards in order to perform a set of tests that demonstrate compliance in the case of auditing.

Effective SOX Compliance Training- Regular training is necessary for all directors, officers, relevant employees, and business partners/agents to ensure that the organization is doing everything possible to eliminate or identify potential fraud.

Whistleblower Hotline- Listed companies should have a whistleblower hotline so that employees can report potential misconduct or policy violations without fear of retaliation.

Codes of conduct- The Company’s commitment to not tolerate any retaliation must be specified in the organization’s code of conduct, policies, and procedures.

How SOX improves operational and internal controls

The law establishes new obligations relating to accounting audits, which must be carried out periodically by independent bodies. It specifies the methods of drawing up financial statements and the characteristics of financial reporting, personally involving the figures of the CFO and CEO. Together with other company executives, they are held directly responsible for the fulfilment of the main clauses of the legislation.

In order to foster transparency, the law encourages reporting of illegal activities that may not emerge during audits and protects individuals who highlight them, empowering the U.S. Department of Justice to indict employers who apply retaliation towards whistleblowers.

The SOX contains a series of clauses concerning internal control, the completeness of sensitive company documentation and audits: it also establishes the personal responsibility of the company’s senior managers, declaring the obligation to establish and maintain an internal control system and to archive all relevant correspondence.

Section 302 requires CEOs and CFOs to attach their comments and to sign audits to ensure the accuracy and truthfulness of the information included in the minutes: executives who deliberately deliver false reports or intentionally make unfounded statements are liable to fines up to 25 million dollars and up to 20 years in prison.

Section 404 emphasizes the need to implement an internal control system capable of promptly identifying improper or unauthorized use of company assets.

Conclusion: SOX focuses on the effectiveness of internal financial control only. SOX controls focus heavily on creating clear accountability at each stage of budget preparation (the origin of SOX has been several budget frauds), signatures, authorities, and access to configurations.