
Two Lies and a Truth about SOX Compliance Management

By Elizabeth Epler Jones - Partner, AXIA Partners on 19 April, 2021

In my role as an Internal Audit consultant, one of the many benefits of my job is I get to talk with all kinds of companies and educate them about SOX compliance. While recently IPO’d companies tend to seek out advice, even the most seasoned CFOs often need a refresher on their SOX requirements.

Consider these interesting tidbits:

  • Did you know that 40% of IPOs in 2020 disclosed a material weakness in their S-1?
  • Were you aware that 45 days after going effective, the CEO and CFO personally have to sign off on the design and effectiveness of their disclosure controls and procedures?
  • As a CFO, do you have a clear picture in your head of the design and execution of the key controls that are required to make this personal certification?

Have I gotten your attention yet? The lesson here is, oftentimes, people don’t know what they don’t know and are often caught completely flat-footed when it comes to SOX compliance. And when they do realize the details involved and the scrutiny applied, it is often too late.

Compliance arising out of the Sarbanes-Oxley Act of 2002 (SOX) is a significant undertaking – for any company – no matter how new, mature, big, small, complicated, or simple you may be. At its core, there are really three sections we focus on from a SOX compliance perspective: §302, §906, and §404. Compliance with Sections 302 and 906 relates to the CEO and CFO personally accepting liability for the material accuracy and proper disclosure of any fraud or deficiencies within their financial statements and disclosures. §404 is where management must make a statement about the design and operating effectiveness of their internal controls over financial reporting (ICFR). Depending on your filing status, your external auditors will have to issue an opinion over ICFR at some point as well.

The Institute of Internal Auditors (the IIA) proposed an update last summer to the decades-old "Three Lines of Defense Model" (www.globaliia.org). This new "Three Lines Model" further illustrates the importance of internal controls to companies through improved insight into “interactions and responsibilities of key players toward achieving more effective alignment, collaboration, accountability and, ultimately, objectives.” Management is responsible for the first two lines and works collaboratively with the Governing Body and Internal Audit to achieve company objectives around internal controls, compliance, and information and technology security. Internal Audit acts with independence, objectivity, and expertise as the third line of defense before potential errors could be exposed to external audit or regulators, neither of which is a good scenario.

[Figure: The IIA's Three Lines Model]

Realizing now the importance of internal controls and the other aspects of SOX, why in the world would companies not take it seriously?? Why are there still CFOs living on an island of SOX requirement denial??

 

Lie #1: “What I am doing is enough.”

You would be shocked how often I hear this statement. Typically, it’s when the company has done little to nothing to document their risk and controls, and then they are not even validating that the few controls that are documented are in fact working. And typically, this also arises when they haven’t tripped the requirement for external auditor attestation on their ICFR.

 

The Hard Truth: No matter what, as a public company and SEC registrant, you have an obligation for SOX and corporate governance. Based on where you are in your lifecycle (new IPO company, emerging growth company, large accelerated filer, etc.), there may be some nuanced differences. However, more likely than not, you MUST complete and be able to provide support for Management’s Assessment of ICFR under Item 9a in your Form 10-K or Item 4 in your Form 10-Q. Failure to do so could have implications for everyone from the C-Suite to the Audit Committee and Board of Directors as well as underwriters and investors.

 

Lie #2: “The penalties aren’t worth the cost, time, and effort to do the work.”

Sadly, this poorly conceived notion is still floating around out in the universe.

 

The Hard Truth: Shedding of accountability opens the door for a multitude of bad outcomes:

  • The CEO and CFO are now at risk for fines, penalties, investor lawsuits, and lack of favor in the public markets. Both could be barred from serving a public company.
  • CFO could risk losing CPA license.
  • Company could be barred or suspended from market participation.
  • The company and senior leadership are exposed to SEC Enforcement actions and civil suits.

 

THE ULTIMATE TRUTH: People and Corporations are getting caught. Really.

It was noted in the SEC 2020 Annual Enforcement Report that “the Commission obtained more than 475 bars or suspensions against market participants and suspended trading in the securities of 196 issuers. In addition, the Division triaged approximately 23,650 tips, complaints, and referrals and opened close to 1,200 new inquiries and investigations. Finally, the Commission obtained judgments and orders totaling approximately $4.68 billion in disgorgement and penalties – the highest amount on record.”

 

All.of.this.was.in.2020. And, let me assure you, 2021 is poised to be even more robust. Whistleblower awards with both company and individual sanctions are at an all-time high. Just review the list of SEC enforcement actions in February and March of this year alone. Even more alarming, SEC data clearly demonstrates that ineffective controls are likely to be persistent over time, leading to a cascade of negative effects which can undermine investor confidence and stock prices. (SEC Data Demonstrates that SOX ICFR Failures are Rarely Isolated Instruments, Jennifer Froberg, February 2021)

 

You may be asking yourself right now, “Ok. This is scary. What do I do?” That’s good. That’s really good. Now that you are convinced that SOX is real and denial is really a truly poor choice, you are ready for the next step: asking for help. There are several automated technology solutions available in the market that can automate much of your SOX compliance program and skilled SOX professionals available to assist you.

 

If you are looking for help, just ask. Preparedness to be a public company, including ICFR, Disclosure Controls and Procedures (DCP), and IC, is a complex undertaking and fraught with the potential for error.

 

  1. DON’T WAIT to get started! Best practice is to allow 9 – 12 months to complete documentation, gather evidence of control execution, identify major remediation efforts, and preliminarily assess control effectiveness in order to provide a basis for the first year filing.
  2. Often, significant process changes are required to effectively implement a strong internal control framework. Waiting too long to address Sarbanes-Oxley requirements can create a huge burden on already over-worked staff.
  3. Management should integrate consideration of internal controls into the company’s financial processes as early as possible to allow time to implement and adequately assess the effectiveness of those controls.
  4. Consider implications of listing requirements on ICFR and corporate governance.

Elizabeth Epler Jones, CPA – Partner, AXIA Partners

Elizabeth has been involved with SOX compliance since the Act became law in 2002. She currently leads the Compliance Practice for AXIA Partners. Elizabeth and her team consult with companies looking to accelerate the efficiency and effectiveness of their SOX compliance management program through Toppan Merrill’s SOX Automation platform.
