SOX compliance FAQ: The basics of navigating regulatory demands

The decision to go public is a massive, transformational effort with the potential to enhance value and create new growth opportunities for your organization. The endeavor also increases regulatory demands and creates scalability challenges. One of the more pressing issues pre-public or newly public companies face is establishing a program to maintain Sarbanes-Oxley (SOX) compliance.

Why did Congress pass SOX?

Congress passed the SOX Act of 2002 to help protect investors from fraudulent financial reporting by corporations in response to several high-profile financial scandals in the early 2000s.

What are the requirements of SOX?

SOX contains several requirements; its major provisions are Section 302, Section 404, Section 802 and Section 906.

What is section 302 of SOX?

Section 302 of SOX states that the chief executive officer (CEO) and chief financial officer (CFO) are directly responsible for the accuracy, documentation and submission of all financial reports as well as the internal control structure. The CEO and CFO are required to personally attest to the accuracy and completeness of their financial statements and sufficiency of internal controls quarterly.

What is section 404 of SOX?

SOX 404(a) requires management to assess and report on the effectiveness of internal control over financial reporting (ICFR), and 404(b) requires that an independent auditor attest to management’s assessment of the effectiveness of those internal controls.

What is section 802 of SOX?

Section 802 imposes fines or penalties of imprisonment for the destruction or falsification of records. This section also outlines record retention rules and what business records must be maintained or stored.

What is section 906 of SOX?

Section 906 requires a written statement from the CEO and CFO on all periodic financial reports declaring that the financial report fairly presents, in all material respects, the financial condition and results of operations of the issuer. It also establishes criminal penalties for knowingly filing periodic reports that do not comport with the requirements of the section.

Why is SOX compliance important?

Any company that is publicly traded on a U.S. stock exchange is required to be compliant with SOX or be subject to criminal penalties. Beyond the legal obligation, there are benefits to having a robust system of internal controls: improved operational efficiency, fewer errors, more reliable financial reporting, and a lower risk of fraud.

When does SOX become effective?

The CEO and CFO will be required to comply with sections 302 and 906 upon going public. Generally, companies can take a 1-year exemption for SOX 404 requirements when filing their first Form 10-K but must comply thereafter. Companies should consult with legal counsel on SOX compliance requirements as they can vary depending on different factors, including filing status (e.g., large accelerated filer, accelerated filer, nonaccelerated filer), and other possible designations, such as smaller reporting company (SRC) and emerging growth company (EGC).

The company must evaluate whether its public float or annual revenue exceeds certain thresholds. The information listed below represents general requirements. Companies are encouraged to consult with legal counsel for any compliance requirements.

  • If a company has public float less than $75 million and annual revenue less than $100 million, then the company will be required to comply only with 404(a).
  • If a company has public float that exceeds $75 million or annual revenue greater than $100 million, then the company will be required to comply with 404(b).