The SOX Act, or Sarbanes-Oxley Act, was introduced in 2002 to counter certain corporate scandals and improve the financial reporting standards of companies. It is named after its sponsors, Paul Sarbanes and Michael Oxley. The SOX Act comprises 11 sections, or titles, introduced by the Securities and Exchange Commission, which describe corporate responsibilities and criminal penalties.
The SOX Act was passed as a result of a number of corporate accounting and financial scandals. It was introduced to regain the trust of the public and shareholders in accounting processes and to stop fraudulent practices in enterprises.
The main objectives behind the introduction of this Act are:
In the US, all publicly traded companies across all sectors, including all of their subsidiaries and divisions, come under this Act. Any non-US MNC trading with US companies should also comply with this Act.
Private firms can also comply with the SOX Act to gain investor confidence, though it is not mandatory for them.
The key features of this Act are as follows:
How to comply?
A company can achieve SOX compliance by meeting the requirements below:
SOX Internal Controls
Controls are the policies, procedures and organizational structures that are designed to assure that the business objectives will be achieved and undesired events will either be prevented or handled.
Certain control frameworks are used to achieve the business objectives. The two main control frameworks used to achieve SOX Act compliance are:
COSO – The COSO framework emphasizes financial processes and risk management. It contains 8 components that together achieve the organization's mission and help in risk management.
COBIT – COBIT is an IT control framework built on COSO. It contains a toolset that helps managers connect control requirements, technical issues and business risks. The framework uses the benefits of information technology to gain shareholders' confidence.
The SOX Act has the following advantages:
The SOX Act has the following disadvantages: