The Sarbanes-Oxley Act (SOX) was created to “protect investors by improving the accuracy and reliability of corporate disclosures…” SOX applies to the financial and accounting departments of corporations (public or private), as well as accounting, investment and tax firms.
SOX contains eleven separate sub-headings (titles), and numerous sections within each sub-heading, that detail regulations for auditing, corporate responsibility, financial disclosures, conflict of interest analysis, taxes and tax returns, and fraud accountability. For the purposes of developing a compliance plan, it is beneficial to focus on specific, directly actionable regulations:
- Section 302 – addresses disclosure controls and corporate responsibility for financial reports
- Section 303 – defines and prohibits improper influence on conduct of audits
- Section 401 – pertains to disclosures in periodic reports
- Section 404 – sets out guidelines for assessing internal controls
- Section 409 – stipulates real-time disclosures of financial conditions and operations
- Section 802 – creates penalties for altering financial documents
Demonstrating compliance with SOX regulations, particularly the sections listed above, requires organizations to develop a compliance program which performs such tasks as:
- Creating financial and accounting employee certifications and attestations stating that reports will be or have been reviewed, do not contain untrue or misleading information, and fairly represent the financial condition of the organization.
- Creating attestations for signing officers that declare the signing officers have accepted responsibility for internal controls, have evaluated these controls within the past 90 days, have reported their findings, have listed any deficiencies or fraud, and have outlined any significant changes that could have a negative impact on internal controls.
- Creating attestations for employees involved with audits that certify that the employee has not taken and will not take any action to fraudulently influence, manipulate or mislead any auditor.
- Creating robust policies, procedures and trainings for all employees involved with financial governance, accounting, or financial disclosure in the organization, and retaining certifications that said policies, procedures and trainings have been delivered, understood and agreed to.
How DocRead can help
DocRead is compliance software that enables an employer to distribute documentation to a specific user group, receive certification that it has been read, and monitor the progress of the document’s acceptance.
When complying with SOX regulations, DocRead eases the task of distributing numerous policies, procedures, trainings and attestations to applicable groups of employees, and creates a simple, paperless means of documenting employee certification of receipt.
Once you select a document to distribute and a user group to receive it, employees in the user group will be required to read the document and certify that they agree with and understand all elements of the policy, procedure, training or attestation.
The certification message is fully customizable, allowing you to tailor the message to the specific requirements of each document. Employees must check the 'I agree' box and then click the 'confirm' button for the task to be considered complete.
When employees have acknowledged their acceptance of the document, they receive a reading receipt that they may download or print for their records. These reading receipts are time-stamped and securely stored in a central database, allowing quick access in case of audit or document request.
Should you require that a policy, notification or attestation be printed out, DocRead allows for the document to be opened in an application (such as MS Word, Adobe Reader, etc.) and printed out by the employee.
DocRead provides reading reports that can be used to monitor the progress of policy acceptance, clearly showing how many policies have been assigned, completed or are overdue.