Basic Accounting and SOX Compliance for Small Business

Business owners face a daily battle for keeping competitive. Just learning how to start a business is not enough; insurance, budgeting, marketing, and accounting are all vital ideas for businesses to embrace. Accounting standards protect businesses, and provide for the possiblity of forensic accounting analysis later. SOX helps to make sure those standards are adhered to.

The goal and intent of the Sarbanes-Oxley (SOX) Act of 2002 is to ensure accurate financial statements and performance are made available to the public. SOX also ensures controls are in place to foster that goal, and to provide companies many different ways to ensure internal controls, and ultimately, company decisions are made with the best information available. Such internal controls include monitoring of controls, information systems, control procedures, control environment, and risk assessments.

Monitoring of controls is the comprehensive auditing done to a company, both internally and externally. Internally, this auditing focuses on ensuring that the company’s operations are tracked and recorded, and errors rectified periodically. External auditing, however, is more powerful in that it has no prejudice about the company’s operations, and looks at the accounting of a company as purely scientific. It is this external auditing that can bring light to failures in internal auditing, and can correct these before they result in either criminal or financial problems.

The information system built from this accounting and auditing is used by a varied list of participants. CEO’s, financial officers, and the general public use the information systems built to make educated decisions on the direction and future of the company, as well as investments. If the information system is allowed to break down or is compromised, the ramifications are far-reaching and often destructive. The information system is the amalgamation of all of the records available to users.

Control procedures are put in place at an operational level to ensure compliance with auditing policies. Most companies have a way to track the rate with which their employees work, such as an electronic timecard or punch clock/card. Salaries and customer expenses are thus tracked on a daily basis, and provide a more accurate picture of how much work is actually done. Rather than guess that every employee works eight hours a day, the control of recording this time exactly can result in saving customers’ money, and companies in salary/vacation cost tracking.

The control environment of a company is perhaps the most important internal control. A company can only be successful in adopting a SOX-compliant environment if its employee’s are committed to it. Some companies require that, upon employment, each employee attest to an ethics contract in writing, and at least once every year. This is a contract and agreement that states unethical behavior will not be tolerated. Often, SOX-compliant companies will state termination as a result of serious SOX violations. This control must be a “top-down” policy, or, ensuring that managers at the top of the company’s structure are just as liable as the lowest level employees.

Risk assessments are an essential part of controls in that they offer a company a chance to “model” a future decision to decide if one course of action will be better or worse for the company. Risk assessments such as new product ideas and investment opportunities must be discussed and weighed carefully. Cost /vs./ benefit modeling is among this concept, and is done to ensure that the benefits of a decision outweigh the cost. Companies that take considerable risks are not profitable in the long-term generally, as one seriously horrible decision can negate thousands of beneficial ones before it. Risk assessments are the “Are you sure?’ button for companies.

These internal controls work together to ensure a company is not only being honest with itself, but also it’s investors and it’s customers. By ensuring employees adhere to a code of ethics, and by constant and repeated auditing, both inside and outside of the company, can true SOX-compliance be attained. Companies that are SOX-compliant must prove they are not only adhering to the different components of controls, but also constantly reviewing those controls for relevance. An internal control that makes sense today, may not make the same sense two months or two years from now.

Most companies that foster an ethical environment are acting in the best interest of the goal of Sarbanes-Oxley. Even though collusion cannot stop violations from happening, it severely limits a few parties from damaging the company on a wide scale. SOX-compliance is gaining rapid acceptance in public companies, as many of them want to show they are doing well, and can provide the evidence. As more and more companies attain the coveted “SOX-compliant” tag, companies that are not acting in good faith and using these controls will decrease over time. The Sarbanes-Oxley Act is relatively young, but will gain popularity among public companies early in this century.