Sarbanes-Oxley

by Maureen McAllister - ISOx

Overwhelmed by Sarbanes-Oxley? Does it seem like “SOx” compliance activities duplicate existing procedures and choke productivity? Whether you are a larger, publicly-traded company or a smaller service provider whose customers expect SOx compliance, becoming and remaining SOx-compliant can be costly and non-value added.

Your ISO 9001 system can help. By utilizing existing policies, procedures, data, and training, your ISO system can provide objective evidence of internal control which is the focal point of SOx compliance. Whether you are registered to ISO 9001, ISO/TS 16949, AS 9100 or other management system standards, the ISOx (sm) approach shows you how to do this. Visit www.ISOx.org to find out more.

The Sarbanes-Oxley legislation was passed in 2002 and has recently become effective. Companies who sell their stock on US public exchanges, like the NYSE and NASDAQ, are required to have public accounting firms audit both their financial statements and their internal controls. In the wake of Enron and other corporate leadership scandals, this law is supposed to help restore investor confidence. Part of that confidence relies on the internal controls in place to ensure that the numbers hitting the financial statements are accurate and not misleading.
 

Companies with ISO systems already appreciate the importance of internal controls. ISO compliance means there are established and, in most cases, documented procedures for a variety of business activities…..from the most basic order review and order entry activity or inventory transaction in/out to the more complex control of nonconforming product, corrective action, and management review activities. Many of these activities directly or indirectly impact financial results. Just as important, the “culture” of control in an ISO company suggests an appropriate control environment (one of the aspects of internal control). Top management’s leadership in setting policies, communicating requirements, and conducting management reviews all provide objective evidence of a proper “tone at the top.” See www.coso.org for more on internal control.
 

Section 404 of SOx focuses on internal controls. It specifically requires that a company’s CEO and CFO assess and make statements about their internal controls. Like ISO 9001 and similar management systems, the responsibility is clearly on the shoulders of Top Management. ISO systems can help top management provide objective evidence to support these assertions. In addition, section 302 of SOx refers to both financial and non-financial data in determining what a company must disclose to the SEC that might materially affect its financial position. Again, ISO can help...especially ISO 14001. For example, the environmental planning of ISO 14001 should bring to light environmental liabilities and risk exposure that could materially impact the financial health of the firm. Likewise, the environmental controls in place may help mitigate the exposure associated with environmental issues. Either way, top management can effectively utilize ISO systems’ data to help meet both 302 and 404 requirements.
 

The ISOx(sm) process is all about getting the most from your ISO systems in support of Sarbanes-Oxley compliance. Check out www.ISOx.org for more details.