A Simplified Approach to SOX Compliance

23 Mar

Improve Productivity and Reduce Business Risk


The Sarbanes-Oxley (SOX) Act was signed into law by President George W. Bush on July 30, 2002. All public companies, large and small, must comply. The Act protects investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes.

The bill, which contains eleven sections, was enacted as a reaction to a number of major corporate and accounting scandals, including those affecting Enron, Tyco International, Adelphia, Peregrine Systems, and WorldCom.

As a result of SOX, top management must individually certify the accuracy of financial information. Penalties for non-compliance and fraudulent financial activity are severe: they include very hefty financial penalties and could include a jail term for the CEO and/or CFO.


In response to the perception that stricter financial governance laws are needed, SOX-type regulations were subsequently enacted in Canada (2002), Germany (2002), South Africa (2002), France (2003), Australia (2004), India (2005), Japan (2006), Italy (2006), Israel, and Turkey.


One of the most significant sections of the Act is Section 302, which outlines the requirement for the CEO and CFO to certify and sign off on the fairness of the financial statements and the effectiveness of internal controls.

The most contentious aspect of SOX is Section 404, which requires management and the external auditor to report on the adequacy of the company’s internal control over financial reporting (ICFR). This is the most costly aspect of the legislation for companies to implement, as documenting and testing important manual and automated financial controls requires enormous effort. It also represents the largest opportunity for productivity improvements and reductions in business risk.


In simple terms, the company must have defined internal controls. These probably include requirements that the CEO read and approve certain documents, such as large contracts, significant partnering agreements, and write-downs of inventory; the list goes on and on. There is a similar requirement for the entire executive team. In addition to defining the internal controls, the executives must ensure that there is an effective process in place to monitor compliance with those internal controls.

Normally, the entire executive team must also read the quarterly and annual 10-K reports to the Securities and Exchange Commission and validate that the 100+ page document is correct.


Most large companies have probably spent millions of dollars implementing SOX compliance with a technically elegant but difficult-to-use solution that took over a year to implement. It probably covers a lot more than the internal controls around documents. If you’re a smaller company, you can’t afford all that time and money, so what do you do? In most cases, somebody keeps a record of all the reviews or signatures, either manually or by saving a lot of emails. When the auditors examine that documentation, how does that person prove that they have ALL the information?

Executives usually have to read all 100+ pages of the dry 10-K quarterly and annual report trying to find what has changed since the last report. A 100+ page document would normally take about 2 hours to read since it has to be read carefully. What is the opportunity cost associated with those two hours? Do you want that executive spending 2 hours reading a 10-K report or spending 2 hours working on the strategy or execution plans for the business?


Wouldn’t it be nice for executives to receive the new 10-K report and only have to read the pages that changed since last year’s report? Wouldn’t it be nice for executives to be able to read a document without all the colors and strikeouts associated with Word Track Changes, yet with the changes from the previous report clearly highlighted? Wouldn’t it be nice for executives to finish the task of approving the 10-K document in 15 minutes rather than 2 hours?

For those having to track all the signed documents, wouldn’t it be nice to have ALL those documents in one spot to track progress toward planned dates and validate the approvals? Once the audit process is in place and approved by the auditors, the auditors would probably only have to examine a small sample of transactions instead of all transactions. Wouldn’t it be nice to spend a small amount of time with the auditors instead of days with them trying to find all those documents in email archives or manual files? Less audit time translates into lower audit fees!

SOX compliance presents an enormous business opportunity for productivity improvements and reduced risk. Implementations can cover the full enterprise or select departments.


For more information on SOX, visit http://www.savvydox.com/resources/ and review “Simplifying Sox Compliance” to understand how SavvyDox can improve productivity and reduce business risk associated with SOX compliance, even at the department level! Or drop us an email at [email protected].

SavvyDox can be implemented in days, and it’s inexpensive since it is a SaaS model. A full-year subscription for one of those executives costs less than the two hours they waste reading the quarterly or annual 10-K report looking for changes.


Here is a link to a vendor-independent site for further information on the Sarbanes-Oxley Act