SOX It to Me

Since passing the Sarbanes-Oxley act in 2002, the Securities and Exchange Commission has postponed compliance deadlines twice—now set for November 15—but there is still plenty of confusion over exactly what is expected of companies attempting to prove their financial records are accurate and secure. According to a July study conducted by PricewaterhouseCoopers, 49 percent of companies consider SOX compliance a major challenge, and 29 percent consider their business information processes less than acceptable.

To ease the growing concern over compliance, the SEC proposed in late August to temporarily postpone periodic report deadlines that apply to larger companies, known as accelerated filers. Apparently, the SEC was too aggressive in restricting the window that companies have to file their annual and quarterly reports—the agency had shortened filing times to 60 days for annual reports, 35 days for quarterly reports—and plans to reinstate the original 75/40-day window.

“Big deal, two weeks. It’s really just a Band-Aid for what is a hemorrhaging problem for a lot of companies,” says Don Griffith, senior counsel with law firm Foley & Lardner LLP. “The issue is not 60 versus 75 days—it’s that companies are still struggling to get the assessment of their internal controls right.”

The SEC is vague when it comes to discussing the repercussions of noncompliance. “It depends on the facts of the case,” says John Heine, an SEC spokesman. “We take actions on companies and individuals all the time who fail to comply with our filing requirements.”

But Griffith, who is a former branch chief in the SEC’s Enforcement Division, believes investigations will be thorough and, in some cases, brutal. “I believe there will be a shakeout period,” he says. “It’s going to be investigated very aggressively.”

To keep the SEC on your good side, Griffith suggests “doubling your efforts” and documenting all the attempts you’ve made to comply with Sarbanes-Oxley so far. “If you make a good faith effort, that might grant you some leniency,” he says. “That doesn’t mean you’re off the hook, but there’s a good chance you won’t go to jail.”


Truth or Consequences

SOX compliance is difficult, but there are plenty of incentives to get righteous. Noncompliance is a one-way ticket to an SEC bureaucratic roller coaster that could cost your company millions. Here’s what you can expect if your books are out of order.

COMPANY FILES TO SEC

  • SEC attorney reviews narrative
  • SEC accountant reviews financials
    More questions?
    If NO, then no further action.
    If Yes:

    DIALOGUE WITH COMPANY
    SEC asks company to address queries, reconcile information; process could last for months.
    More questions?
    If NO, then no further action.
    If Yes:

    SEC INITIATES ADMINISTRATIVE PROCEEDINGS OR CIVIL ACTION
    If SEC suspects negligence or foul play, legal proceedings are initiated.
    More questions?
    If NO, then no further action.
    If Yes:

    SEC REFERS CASE TO ENFORCEMENT DIVISION

  • CIO Insight Staff
    CIO Insight Staff
    CIO Insight offers thought leadership and best practices in the IT security and management industry while providing expert recommendations on software solutions for IT leaders. It is the trusted resource for security professionals who need network monitoring technology and solutions to maintain regulatory compliance for their teams and organizations.

    Get the Free Newsletter!

    Subscribe to Daily Tech Insider for top news, trends, and analysis.

    Latest Articles