Published June 10, 2019 • By Ben Lack

The Sarbanes-Oxley Act (SOX) is a U.S. federal law; all public companies doing business in the United States must comply with the regulation. Private companies considering or preparing for their initial public offering (IPO) may also need to comply with certain requirements of SOX. To achieve SOX compliance, a company must meet all requirements included within the regulation. While SOX has eleven titles divided into sections, a significant number of requirements are concentrated in Sections 302 and 404. SOX compliance activities include identifying and testing internal controls over the financial reporting process and submitting specific financial certifications within quarterly and annual reports to the SEC.

Non-compliance with SOX requirements can result in millions of dollars in fines and penalties against the company and removal from listings on public stock exchanges. Civil and criminal penalties for officers of the company can include fines of up to $5 million and prison terms of up to 20 years.

SOX compliance activities, while costly to organizations, also provide benefits. Once implemented, a strong internal control environment can enhance confidence in the company's internal financial reporting, reduce fraud risk, and improve corporate governance.