Menu Close

#30 | SOX 404 Overview & Approach

We will discuss the requirements for Sarbanes-Oxley Act (SOX) Sections 301, SOX Section 302, SOX section 404 and SOX section 906 in this article. We will answer the following questions:

I suggest you watch the video. It’s easier to understand if you are a visual/audio learner. The content below is the same as the video. It’s for those who learn by reading.

What are the key provisions of Sarbanes-Oxley Act (SOX)?

Here are the top four provisions of SOX that pre-IPO companies focus on. The reason most CEOs and CFOs focus on SOX compliance is because of the potential criminal penalties for non-compliance in Section 906.  (They don’t look good wearing orange or stripe jumpsuits in Club Fed.)

Four Provisions of SOX

What is SOX Section 301 Whistleblower?

It requires companies to set up procedures for the confidential, anonymous submission by employees with concerns about questionable accounting and auditing issues.

SOX  301 whistleblower
SOX 301 whistleblower hotline

Who owns the 301 whistleblower hotline?

Typically Legal owns the process so that you have client-attorney privileges in case the whistleblower and you require legal protection.

SOX Section 301
SOX section 301 whistleblower set up hotline

Who can you use to set-up the hotline?

There are many outsourced whistleblower companies available who set up dedicated toll-free numbers and email addresses to gather and route incoming complaints.  You will need to set up the call routing decision tree based on the severity of the complaints.

What you need to track and report?

You may receive complaints ranging from dirty kitchens to unfair treatment from bosses. Remember that the hotline is for employees to report concerns about questionable accounting and financial reporting matters.  You will need to keep a log of the issues reported and their resolution. You also need to periodically report this to the audit committee.

As SOX consultants, we are often phone or email in phony accounting complaints to test that the whistleblower hotline is working.

What is Section 302 CEO, CFO certification?

Section 302 requires the CEO and CFO to quarterly evaluate the design and operational effectiveness of disclosure controls (including internal controls) and procedures. The CEO and CFO sign a certification in the 10-Q or 10-K related to internal controls.

SOX section 302
SOX section 302 CEO and CFO certifications

What are the requirements for Section 404?

Section 404 requires companies to (a) annually test the effectiveness of internal controls over financial reporting and (b) the external auditors to attest to internal controls.

Under the JOBS Act, Emerging Growth Companies are exempt from 404(b) for the first five years.  Remember though that EGCs still need to document and assess internal controls annually (404a).

For non-EGCs, attestation (404b) is required the first complete fiscal year following the IPO. Early compliance is important to ensure the accuracy of the IPO offering document, because implementation of internal control procedures may reveal material information and affect reporting compliance post-IPO.

SOX section 404 requirements
SOX section 404 internal controls

This can be a big effort for hyper growth companies because of changing processes and procedures to accommodate growth.  Don’t underestimate this effort because your accounting staff already has a full plate running the business. Start preparing well in advance of your first filing of the registration statement.

Also, implementation costs can be big (ranging from $150k to $250k depending on your business) and should be reflected in budgets and forecasts.

What are the requirements for Section 906?

  • CEO and CFO certify the financial statements are accurate and complete
  • Has criminal penalties for certifying a misleading or fraudulent financial report. Under SOX 906, penalties can be upwards of $5 million in fines and 20 years in prison
SOX Section 906 certification
Example of CEO, CFO certification

To recap, we covered the following questions for SOX section 301, 302, 404 and 906:

Leave a Reply

Your email address will not be published.

Share This

Copy Link to Clipboard

Copy