| Ask the Expert |
Q: What is Sarbanes-Oxley compliance?
A: Sarbanes-Oxley (Sarbanes) is directed at companies that have S.E.C. reporting requirements. The law imposes affirmative obligations on these companies to improve or maintain auditor independence, make sure the auditors are watching for fraud, mandating certain document oversight, and requiring that a person with financial expertise be on a mandated audit committee of the board. Sarbanes also has additional standards regarding protection of whistleblowers.
Q: What is the impact of Sarbanes-Oxley (Sarbanes) on compliance programs?
A: Generally, many parts of Sarbanes will be/are being held out as best practices for all organizations whether public or private, even though most Sarbanes requirements are directly applicable to publicly traded companies.
However, there are two provisions of Sarbanes that apply directly to all organizations: The criminal provisions regarding obstruction of justice via document destruction and retaliation against whistleblowers.
Compliance officers and compliance committees should be reviewing and updating their organization’s policies on document destruction and retaliation against whistleblowers to reflect these new standards.
Currently, there are several states considering adopting Sarbanes-type standards that would apply to nonprofit and tax-exempt organizations.
Several Sarbanes provisions have caused organizations to change board structure to address independence as applicable to board members use of consultants/auditors. The direct affect on compliance programs is that in many cases, the board is looking to separate the auditors work from any other consulting type work including compliance-related activities.
A word of caution: There are some Sarbanes requirements that nonprofit healthcare organizations should very carefully evaluate as to whether to adopt. For instance, written certification of Financial Statements. The overall impact on compliance programs in many cases is leading to the organization’s adoption of new provisions that will most likely end up needing to be monitored by or through the corporate compliance program.
