Best practices: the Sarbanes-Oxley Act: good governance for all entities.

• Author: Willis, Susi H.
• Position: ADVICE: ACCOUNTING

THE SARBANES-OXLEY Act is now 3 years old, yet private companies and not-for-profits remain uncertain about its impact on them. Few want to accelerate the dissemination of regulations on private companies and not-for-profits, so most have avoided SOX--like a plague. After all, SOX reforms were a direct response to public-company audit failures, so they should apply only to public companies, fight? Wrong--for at least two reasons.

First, certain provisions of Sarbanes-Oxley apply to all corporate entities, including private businesses and non-profits. The act makes it illegal for any corporate entity to punish a whistleblower in any manner. It also makes it a crime to alter, cover up, falsify or destroy any document to prevent its use in an official proceeding.

Second, SOX contains provisions that apply only to public companies, but are nonetheless good governance for all entities. In fact, some states have proposed that elements of the act be applied to private companies and non-profits. This should serve as a wake-up call--all small businesses and non-profits have the responsibility of self-regulation in order to ensure the confidence and trust of their constituents.

So what should a private company or non-profit do?

Adopt policies that ensure compliance with the act if appropriate. You must protect whistleblowers. Boards of directors of NFPs should adopt a confidential and formal process to encourage reporting and investigation of inappropriate behavior with respect to financial management. Depending on company size and management, whistleblower policies may be appropriate for private companies as well. At minimum, all entities, their CPAs and external stakeholders should resist on effective internal controls.

Aside from the fact that the act prohibits certain intentional document destruction, business owners and non-profit boards have the responsibility to ensure retention of records that support operational reporting. Yet, storage of everything "forever" is not cost-effective or practical. All entities should have a written, mandatory document retention and destruction policy.

Adopt policies that represent best governance. Business owners and non-profit boards should weigh the advantages and disadvantages of applying other provisions of the act--or elements of them.

Small-business owners...