Sarbanes Oxley (otherwise known as SOX) Business Compliance

If you are reading this article and your business is neither based in the USA nor an overseas subsidiary of a US company, then you may not know about Sarbanes Oxley. If you work for an American corporation, then you most certainly will. I have personally been exposed to the controls and audits of SOX compliance for many years.

The financial collapse of two huge American organisations in the early part of this century, WorldCom and the more notorious Enron (caused by false accounting), was the catalyst for the US Government to take legislative action to put controls in place which significantly tighten financial control and accountability within companies.

When did it happen?

After the scandals were revealed, two gentlemen, Senator Sarbanes and House Representative Oxley, put together the legislative paper that was eventually signed by President Bush on the 30th July 2002. It basically affected any publicly listed company with a capitalised value of over $75 million.

What does it do?

Basically, it requires an organisation to be in full control of its processes in order to mitigate any financially fraudulent activity that could either create significant loss or present a company as being in a better financial situation than it actually is. In detail, auditors look for proper financial reporting and controlled processes that mitigate risk. There is also a lot of focus on “segregation of duties”, which basically means that transactions are split between departments so that risks are reduced, e.g. a Credit Control employee would not be permitted to enter customer orders and approve them for credit release. If the organisation did actually permit this, management would have to prove that they had strong mitigating controls in place that monitored such transactions and that they were signed off by an unrelated party.

Organisations have to prove more often, by evidence of impartial audit, that they comply with the clauses of the SOX act. Senior management are obliged to sign off their financial reports in order to prove that there are indeed controls in place that mitigate financial risk.


SOX places a big responsibility on the executives of a company and they are held responsible for any irregularities that may have occurred. They have to ensure controls and checkpoints are in place. If there is evidence of lack of control, in extreme cases, an executive could actually find themselves in prison.


It has long been said, since its introduction, that SOX has actually made American organisations less competitive. The burden of extra controls and cost of audits has slowed business processes and, more importantly, added significant extra costs. I personally have heard many arguments that state that if you add all of the costs incurred to ensure it runs to the SOX act standards versus the fraud that could actually take place, the administration costs are more of a financial burden than the fraud. Is this true? I am not sure, but I am sure that it costs a lot to maintain the SOX standard. Figures have been quoted that, on average, it costs $4 million per annum; however, I am unable to substantiate this with any hard facts. Since writing this article a number of years ago I am led to understand that SOX costs have reduced significantly and are much less of a cost burden than they originally were.


The Sarbanes Oxley act was introduced in 2002 after the Enron and WorldCom scandals rocked American industry. The act places a responsibility on organisations listed on the New York stock exchange that they must be fully compliant with the act and prove prudent financial control, and that executives must sign off the accounts as evidence that compliance is indeed in place. If they are proved wrong then the consequences to the organisation and to individuals are significant.

©2008 -2018 Nigel P Penhearow