How to Comply With Sarbanes-Oxley
June 5, 2017
The Sarbanes-Oxley Act (SOX) was enacted in 2002 to strengthen corporate accountability and eliminate financial fraud within publicly-traded companies. This federal law was passed as a direct response to the infamous corporate accounting scandals that occurred between 2000 and 2002. As a result, auditing controls must be put in place to safeguard the accuracy of financial information. Failure to comply with SOX may result in monetary fines, delisting from the New York Stock Exchange, or even the imprisonment of corporate officers.
Small businesses with limited internal resources may have difficulty complying with SOX requirements. To help your business stay in compliance with the law, we’ve compiled this list of helpful tips:
Follow Final Disposition Guidelines
SOX imposes severe penalties for the willful destruction of documents, and failure to follow retention requirements is considered an obstruction of justice. Take a close look at your retention schedule and consult with a records management expert to determine exactly how long you need to retain documents and when it’s safe, even necessary, to destroy them. If your company is audited, you’ll need to provide evidence of destruction. To ensure a favorable audit review, use a professional document shredding service. After your documents are destroyed, you are issued a Certificate of Destruction, which notes the time and date of shredding.
Store Offsite
In order to protect themselves from SOX non-compliance penalties, more and more companies are keeping accounting and finance records longer. But those records have to be managed properly. This results in more costs and risks associated with storing and managing documents in-house. However, there is a better alternative: You can use a document storage and management service to reduce internal file-related administrative tasks and keep your records safe from unauthorized access.
Your provider transfers your documents to a records center where they are barcoded and indexed. The only identification on each stored box is the barcode, which allows it to be tracked. Access to the facility is limited to screened records management professionals. A digital surveillance system monitors all activity inside and outside the records center. All visitors must pass through a security gate and show identification before being granted escorted access.
Back Up Your Data
SOX doesn’t just apply to your paper records. According to the law, you must also manage your electronic data. Section 302 of SOX requires CEOs and CFOs to personally stand behind their company’s financial statements. This means systems have to be put in place to pull together data in spreadsheets, documents and emails from across the organization. Any information related to financial reporting is auditable and can be subpoenaed in an investigation. As a result, it’s imperative to back up your financial data. Make sure you have copies stored offsite, preferably in a media vault to ensure long-term information preservation.
With the help of a reliable records and information management provider, SOX compliance is achievable and cost-effective.
Corporate Records Management offers document storage services for businesses in Dallas-Fort Worth and the surrounding areas.