What Is the Sarbanes-Oxley Act?

The Sarbanes-Oxley (SOX) Act of 2002 is a law that imposes strict financial reporting and auditing requirements on publicly traded companies in order to improve the accuracy and integrity of reporting and ensure the independence of accountants and auditors. It also ushered in an era of accountability and oversight for nonprofits.

Learn about the origins and the key provisions of the Sarbanes-Oxley Act that apply to nonprofits to ensure that your organization remains compliant with the law.

What Is the Sarbanes-Oxley Act?

The Sarbanes-Oxley Act of 2002 is a law passed on July 30 of that year requiring corporations with publicly traded securities to adhere to certain standards in governance that increase the role board members play in overseeing financial transactions and auditing procedures.

The original aim of the legislation was to improve public confidence in the financial reporting of publicly traded companies. But today, the SOX Act continues to provide a blueprint for nonprofits that want to be transparent and financially responsible in their transactions.

• Alternate name: The American Competitiveness and Corporate Accountability Act of 2002, SOX Act

How the Sarbanes-Oxley Act Works

The SOX Act was created to restore public trust in corporations following corporate accounting scandals that made names such as Enron synonymous with corporate malfeasance.

Although the law mainly applies to publicly traded corporations, at least two criminal provisions, on whistleblower complaints and document destruction, apply to nonprofit organizations. Moreover, the legislation as a whole served as a wake-up call to nonprofits.

As such, responsible nonprofits have been using the Sarbanes-Oxley as a standard for their own financial practices. These practices can only improve a nonprofit's internal controls and provide needed transparency for their financial activities. The key provisions of the law as they apply to nonprofits and recommended actions to comply with them are listed below.

Independent Audit Committee

The Act governs the Board of Director's Audit Committee, requiring that each committee member is a member of the board and is independent. Moreover, audit committees are expected to have at least one "financial expert" or explain why not. The audit committee oversees the outside auditor's activities.

Most nonprofits, even if they do not conduct outside audits, have one or more board committees that deal with financial issues. Large nonprofits probably do have an audit committee that oversees the annual audit. It is good practice for nonprofits to ensure the independence of the members of the audit committee or other financial committees. Nonprofits also should ensure that members of their audit or financial committees are financially literate.

Independent Auditors

Sarbanes-Oxley governs the responsibilities of auditors, requiring the auditing board to preapprove the auditor and disclose that preapproval to investors. The auditing firm must be independent and cannot provide non-audit services to the company at the time of the audit. Moreover, the partner of the auditing firm must rotate off of the audit every five years. The company does not need to be changed, although that is one way to accomplish this. The audit firm must also report to the audit committee "critical accounting policies and practices" used to complete the audit.

Nonprofit boards should follow suit, giving the audit committee sole discretion over the choice of an outside auditor. They should also change audit partners every five years so that the auditing firm does not "fall asleep at the switch" because of over-familiarity. Nonprofits also are encouraged not to mix auditing and non-auditing services to prevent any conflict of interest.

Accurate Financial Statements

Sarbanes-Oxley requires that the chief executive officer (CEO) and the chief financial officer (CFO) of a publicly held company certify the company's financial statements, attesting to their appropriateness and that they accurately present the financial condition of the company.

Nonprofits are encouraged to require their CEO to certify the organization's financial statements. If the CEO of the nonprofit is not as well versed in financial matters as the CFO of a company, the firm needs a capable CFO. However, the CEO of the nonprofit ultimately must be responsible.

Avoiding Insider Transactions

With a few exceptions, the SOX Act prohibits a corporation from making personal loans to its executives or directors. Exceptions include making such loans in the normal course of business, only extending loans that are generally available to the public, and extended loans at market terms.

If a nonprofit makes personal loans to these individuals, it should do within the parameters deemed acceptable by the law. Moreover, if a firm transacts with insiders, it should enact a conflict-of-interest policy to guard against impropriety.

Transparency and Disclosure

This area of the law touches on whistleblower complaints and document preservation that also apply to nonprofits. The Act establishes criminal penalties for willfully retaliating against people who offer information to law enforcement relating to a federal crime. It also makes it a crime for a firm to tamper with, destroy, or conceal a document or record.

Nonprofits can minimize criminal exposure by establishing a formal complaint and review process that eliminates the need to "blow the whistle." It should also enact a policy on document destruction that avoids the accidental or intentional destruction of records.

Benefits of the Sarbanes-Oxley Act

Nonprofits would be wise to put into place safeguards in the above areas, namely for these key reasons:

• Improved financial reporting: A 10-year retrospective study published in 2014 suggested that the SOX Act has improved the quality of financial reporting.
• Increased transparency and trustworthiness: In an era of greater scrutiny of nonprofit organizations, Sarbanes-Oxley provides an excellent blueprint for nonprofits to reach a level of financial responsibility that can help their reputations and ensure the trust of their donors and supporters.
• Lower risk of fraud and financial scandals: Research in 2017 revealed that the SOX Act acts as an "early-warning system" for corporations that can help reveal fraud because weak internal controls are linked with hidden fraud. The strict financial reporting requirements of the Sarbanes-Oxley Act can improve internal controls and thereby help companies identify fraud or similar corrupt activities and stop them before they lead to an Enron-like scandal that can be financially ruinous to the company and its investors.
• More informed donor decisions: The SOX Act can result in more comprehensive financial reporting of assets, debts, and risk. This, in turn, allows donors and supporters to more effectively evaluate a nonprofit as a beneficiary of a donation, which may make it easier to meet donation targets and strategic goals.

Criticism of the Sarbanes-Oxley Act

Critics typically decry the following aspects of the legislation:

• High cost of compliance: Some criticize the legislation for the high costs that firms must incur to comply with the rules. Costs have been found to disproportionately fall on small firms, though studies indicate that they have fallen since the law was first introduced.

• Fewer organizations: Some argue that the cost of compliance discourages the formation of new firms, particularly small ones, though the 10-year retrospective study referenced earlier found the data on that claim to be unclear.
• Fewer IPOs: The costs and reporting requirements caused some firms to go private in the wake of the SOX Act, but the 10-year study found that the impacted firms were smaller and more liquidity-poor and fraud-prone.