The Sarbanes-Oxley Act of 2002, commonly referred to as SOX, requires public companies to report annually on their internal controls for financial reporting within their Form 10-K. The purpose is to protect stakeholders and provide assurance on the adequacy of controls in place to prevent fraud and financial misstatement. Public companies are required to comply with SOX, but compliance is often an overlooked or underestimated step for a company preparing to go public.
According to many experts, the process should start about 18-24 months prior to going public, and studies have shown that some of the most successful IPO companies operated under public company rules (including SOX compliance) for 12 months prior to going public. Demonstrating SOX compliance prior to going public shows management’s commitment to protecting future stakeholders by identifying risks, gaps and weaknesses and remediating them, and implementing industry best practices for financial, operational and technological processes. This assures that the right people are in place and the company is fully aware of their risk areas.
Key SOX Provisions for Companies Considering an IPO:
- Section 302 – Mandates senior officers of a public company certify that they have established and maintained internal controls to ensure the accuracy of company information found within their reports.
- Section 404 – Requires management and external auditors to report on the adequacy of the internal control over financial reporting.
- Section 802 – Outlines rules for record keeping including a) destruction and falsification of records, b) defined retention periods for storing records, and c) specific types of business records that must be stored.
Benefits for a SOX-compliant Company Include:
- Prioritizing risks,
- Strengthening internal control structures,
- Improving performance audits, and
- Establishing centralized, automated financial reporting.
SOX compliance is a big undertaking for any business, and companies should consider the available resources they have for not only design and implementation of compliance, but also for maintaining future compliance. Becoming SOX-compliant can be a time-consuming and expensive endeavor, and employees may push back on procedural or system changes that require more of their time. Bringing in a qualified team of experts to help build your company’s SOX program will expedite the process and ensure that your company is fully compliant.
For more information on navigating SOX and/or preparing for an IPO, please connect with us.