Though the Sarbanes-Oxley Act (SOX Act) has been in place since 2002, financial reporting tech has become so robust that analysts are predicting more vigilance from SOX auditors than ever before.
The Sarbanes-Oxley Act of 2002—Explained
In order to crack down on corporate fraud, Congress passed the Sarbanes-Oxley Act of 2002 (the SOX Act) in July 2002. The SOX Act was in response to the egregious accounting malpractice events in the early 2000s—Enron, WorldCom, Tyco International—that shook investor confidence in financial statements and demanded an overhaul of regulatory standards.
By mandating strict reforms to improve financial disclosures, the SOX Act was put into place to protect investors from potential fraudulent accounting activities. The SOX Act created the Public Company Accounting Oversight Board, an auditing watchdog that set the standards for audit reports. The board requires auditor registration, and inspects and enforces compliance. With the exception of tax consulting, the board prohibits auditing firms from engaging in any other type of consulting with the companies they audit. The board additionally stipulates that the lead audit partners must rotate off the account every five years.
The board bans company loans to executives; protects whistleblowers; strengthens the independence and financial literacy of corporate boards; and holds CEOs responsible for errors in accounting audits.
There are are few key provisions of the SOX Act you should be aware of: Section 302, Section 404, and Section 802.
Section 302 is the mandate that requires senior management to certify the accuracy of the reported financial statement.
Section 404 is the requirement that management and auditors establish internal controls and reporting methods detailing the controls’ adequacy. Keep in mind that Section 404 has significant financial implications for publicly traded companies as it is expensive to establish and maintain the required internal controls.
Most notably, public corporations are required to hire an independent auditor to review their accounting practices, deferring this rule for small-cap companies with a market capitalization of less than $75 million.
Section 802 contains the three rules that affect record keeping. The first deals with record falsification and destruction. The second defines the retention period for storing records. The third outlines the specific business records that companies need to store.
The SOX Act also specifies requirements for information technology departments regarding electronic records, defining which company records need to be stored on file and for how long. The act, however, does not standardize how a business should store its records, only that the IT department is responsible for storing them.
Who the SOX Act Affects
If you’re wondering if a SOX audit is a requirement for your company, we’ve made it easy for you. The audit is applicable to:
All publicly-traded companies in the US
Private companies that are preparing for initial public offering (IPO)
All publicly-traded non-US companies doing business in the states
All wholly-owned subsidiaries
Overview of Non-Compliance Penalties
Besides lawsuits, mounds of legal fees, and negative publicity, a corporate officer who does not comply or even accidentally submits an inaccurate certification is subject to a fine up to $1 million and ten years in prison. If an inaccurate certification is submitted purposely, the fine can be up to $5 million and twenty years in prison.
Excel Spreadsheets and Weak Reporting
In the past, spreadsheets were given a bit of a leeway because Excel was seen as a necessary and unavoidable accounting tool that companies could not easily modify or enhance to maintain SOX compliance. Because there was no other solution and no other big players in the space, past auditors were lax in their overview of spreadsheets.
However, now that technology has caught up, there are many more solutions available to companies and businesses—especially in the commercial real estate space—to obtain clearer and more thorough financial reports. Auditors in 2019 and beyond cannot as easily look the other way at spotty, messy spreadsheets as they once have done. Having more control over your customized spreadsheets and reporting platforms means auditors are developing a keener eye, and will likely be doling out more SOX non-compliance fines than ever before.
How to Avoid Fines and Compliance Issues
The answer is: accurate reporting. We recommend using Spreadsheet Server to clean up your Excel reports. By eliminating manual data dumps and rekeying, Spreadsheet Server stamps out errors and inefficiencies and becomes your single source for truth. Compatible with more than 130 ERPs, Spreadsheet Server is the answer to strict compliance and avoidance of costly fines.
If you’re ready for something more robust, your reporting might benefit from MRI’s Report Design module, Yardi’s SQL Service Reporting Services (SSRS) reports, or Yardi Spreadsheet Reporting (YSR). MRI’s Report Design is a comprehensive report writer that includes an extensive range of user interface customization tools to simplify report design and to increase efficiency and accuracy. MRI Report Design was developed to meet the needs of MRI users who require the flexibility and power to create their own custom operational reports including financial statements, variance reports, rent rolls, and sales reports. It may be a bit advanced, but not as hard as you think, especially if you’re working with consultants like us.
If you’re a Yardi user, Yardi SSRS reports and YSR can be customized to generate any report that you want directly from Yardi’s interface rather than conducting a manual data dump to Excel. This allows you to get the outputs you require in the exact format your organization needs and in a shortened time-frame that supports your company’s needs. Yardi’s “Audit Table” functionality can also be useful.
Whatever method you choose, now’s the time to get serious about your financial reports. Robust reports require time, effort, and care. Luckily, with the technology now available, it’s easier than ever to create clear, precise reports that keep you in compliance.
Why Compliance Matters Even If You’re Not Public
Even if you’re not public or won’t be going public any time soon, compliance is key. Nearly 80 percent of CFOs and 82 percent of financial advisors surveyed in 2017 said that compliance with the SOX Act has improved the quality of information in audited financial reports. Additionally, 83 percent of large corporations agreed that SOX increased investor confidence.
Adhering specifically to SOX provision 404 and establishing internal controls can help streamline your quarter and year-end reports, show more accurately where you're financially headed, and boost investor relations. Implementing more sophisticated internal financial reporting tools, techniques, and controls helps your entire accounting team and helps you better understand and drive your growth potential.