For public companies, complying with Sarbanes-Oxley (SOX) legislation is mandatory. Non-compliance can lead to fines, damaged company reputation, and investor losses if financial fraud occurs.
While the SEC rules provide a general framework, it is up to each company to implement policies and procedures that adhere to SOX guidelines. This sample checklist provides a model of controls in key compliance areas.
Control Environment
- Code of conduct distributed to all employees
- Conflict of interest policy completed annually
- Independent directors comprise the majority of the board
- Executive compensation package approved
Risk Management
- Fraud risk assessments performed annually
- Risk control matrix developed for financial reporting
- Process flow diagrams documented for the closing process
- Risk management committee meets quarterly
Control Activities
- Monthly account reconciliations completed
- IT system access rights reviewed quarterly
- Capital expenditure requires 2 sign-offs
- Inventory cycle counts conducted
Information & Communication
- Management sub-certifications obtained quarterly
- Financial disclosures reviewed by the Controller, CFO and Audit Committee
- Confidential whistleblower hotline established
Monitoring
- External audits completed annually
- Internal audit plan based on risk assessment
- Process improvement teams address audit findings
- Dashboards track defects and resolution status
While this sample checklist provides a template, companies should customize it to include the specific controls relevant to their own risk environment and processes. The checklist helps ensure that each key compliance area is covered for SOX compliance.