Sarbanes-Oxley Isn’t Just for Public Companies: Here’s Why You Should Care

Ever thought SOX was just for big, public companies? You’re not alone—many private firms believe the Sarbanes-Oxley Act (SOX) doesn’t apply to them. But here’s the thing: not only could a lack of SOX compliance lead to serious trouble, but embracing it also brings major benefits. In this article, we’ll explore why adopting a SOX compliance program is a smart move for any private company. From avoiding regulatory pitfalls to enhancing your company’s reputation and value, discover why SOX compliance is more relevant and advantageous than ever.

What Exactly Is the Sarbanes-Oxley Act?

The Sarbanes-Oxley Act (SOX) consists of 11 sections. The most important parts of the law include:

• Section 201 establishes the requirement for external auditors to be independent of the company being audited. This means audit firms cannot provide bookkeeping, banking, business valuation, investment advice, consulting, management, or design and implementation of record-keeping systems for their audit clients.???

• Section 302 establishes corporate responsibility for financial reporting. The Chief Executive Officer and Chief Financial Officer must certify that the financial statements are not misleading, are materially correct and that they are responsible for internal controls. Any shortcomings in internal controls and any fraud must be disclosed.

• Section 401 specifies that financial statements cannot be misleading and must be materially correct. They must disclose all material off-balance sheet loans, agreements, or other transactions.??

• Section 404 requires management to evaluate the design and implementation of internal controls. Any shortcomings must be disclosed. External auditors need to evaluate whether management's assessments of internal controls are accurate.

• Section 409 mandates that any major changes to financial conditions, operations, or key personnel must be promptly disclosed by management.

• Section 802 imposes severe criminal penalties for altering, concealing, or forging documents in any bankruptcy, IRS audit, or other federal investigation. Documents must be retained for at least five years. External auditors can also face criminal penalties if they are involved in any coverup. These penalties apply to all companies, whether public or private.?

• Section 806 requires whistleblowers within a company to be protected. For many companies, the most demanding part of SOX is Section 404, which requires companies to assess how well their internal controls are working and have an external auditor further attest to those controls. SOX 404 audits can be costly.

Fortunately, the Securities and Exchange Commission and the Dodd-Frank Act of 2010 carved out exemptions for smaller public companies. Under SEC rules adopted in March 2020, companies with less than $100 million in annual revenue are exempt from the auditor-attestation part of Section 404. Dodd-Frank exempted companies with a public float of less than $75 million from the auditor attestation.

What Is the Purpose of SOX?

The Sarbanes-Oxley Act of 2002 (SOX) was implemented to prevent corporate fraud, improve the reliability of financial reporting, and restore investor confidence. By requiring companies to provide a complete view of their finances, SOX also enhances corporate transparency. Most importantly, the Chief Executive Officers (CEOs) and Chief Financial Officers (CFOs) are responsible for the integrity of their company's financial reporting. Previously, enforcement of violations of securities laws was difficult. Under SOX, executives can face jail time for violating the law.

Which Companies Does SOX Apply To?

All SOX provisions apply to publicly traded U.S. companies and their auditors. Privately held companies are not required to comply with the reporting requirements, but they are subject to the penalty and liability provisions. Penalties can include substantial fines or imprisonment. Compliance with SOX is one of the more significant hurdles for any company planning to conduct an initial public offering, so private companies considering ongoing public ownership or acquisition by a public company may consider adopting SOX-related accounting guidelines early on.

How Does This Impact Private Companies?

While private companies are exempt from SOX's financial reporting provisions, they are not exempt from the penalty portions, which may surprise many small business owners. These penalties can include up to 20 years in prison for altering or destroying documents in a federal investigation, including IRS audits, or fines of up to $5 million. However, as companies, investors, and audit firms have become more familiar with the law, many of the provisions have been accepted as best practices for growing companies. Compliance with SOX has become viewed as a cost of going public.?

Weak internal controls can enable financial fraud and embezzlement. Internal controls ensure a company's financial records accurately reflect operations and prevent artificially inflating performance. They also make fraud, theft, or other financial wrongdoing more difficult. Thus, the requirements in Sections 302 and 404 to establish, document, and strengthen internal controls are a best practice for organizations of any size.

Benefits OF Sarbanes-Oxley to Private Companies

Adherence to the Sarbanes-Oxley Act of 2002 (SOX) and other best practices for public companies, such as those required by stock exchanges, provides numerous benefits. Directors, with a fiduciary duty to the companies they serve, are better equipped to fulfill their responsibilities when they operate independently from management and base decisions on complete and accurate information in accordance with well-established guidelines and charters.?

Companies with robust financial and governance protocols and practices are less susceptible to litigation. Furthermore, if subject to legal action, they are more likely to prevail because standards for evaluation increasingly reference SOX requirements and other accepted "best practices," such as stock exchange mandates.

SOX compliance facilitates raising capital via private markets and initial public offerings. Private investors are more inclined to invest where management adheres to best practices. Companies desiring to go public must first achieve SOX compliance, and underwriters will not proceed until the offering company fulfills compliance.

SOX compliance makes companies more attractive acquisition candidates for public firms, particularly for material acquisitions that transfer financial control responsibilities to the acquiring entity post-acquisition.

Conclusion

Privately held companies would be wise to consider the impacts of the Sarbanes-Oxley Act. Several provisions within the Act can significantly influence them, such as through strengthening corporate governance, better-serving shareholders' interests, and boosting company value via an augmented capacity to secure loans, raise capital, and potentially pursue plans to undertake an initial public offering or acquisition by a publicly listed firm.

Considering SOX compliance? Symposia offers the resources and support to help you navigate SOX requirements seamlessly. Focus on your core business activities with confidence, knowing your financial data is secure and your reporting practices are fully compliant. Let us assist you in implementing SOX effectively.