Tuesday, May 17, 2005

Sarbanes-Oxley Act and Compliance

Last night, Navigant Consulting's Bradley McCord and Rick Ostiller gave an overview on the Sarbanes-Oxley Act of 2002 to the PMI Silicon Valley chapter in an evening program. I learned quite a bit. Before the meeting, I just knew it had something to do with accounting.

After the high-profile creative accounting episodes with Enron, the Sarbanes-Oxley Act, SOX for short, was put into place. The main benefit is that the act makes auditors answerable to the shareholders rather than just to the client who signs off on their invoice. A side effect is that big accounting firms are decoupling their high-fee consulting services from their auditing business, to lessen conflict-of-interest concerns.

Some other interesting points:
  • SOX only applies to public companies, with stock that's publicly traded

  • Only the CEO and CFO are liable and responsible for certifying the company's
    financial numbers to the U.S. Securities and Exchange Commission
    (SEC). So no matter what other company employees contribute to the final
    report, only those two will get dinged if there's a problem.

  • Other high-profile company scandals that SOX was involved in:
    Worldcom (DBA MCI), HealthSouth, Qwest, Homestore, Marsh & McLennan

  • Company boards must now include a financial expert and oversee an audit
    committee. The board audit committee cannot contain an employee of
    the company.

  • Every audit will not raise every issue or error. The goal is to work
    towards a fair conclusion.

  • 404 Internal control is based on guidelines from COSO, the Committee of
    Sponsoring Organizations of the Treadway Commission. This part seemed to
    be the most relevant to project management:

    • the control environment

    • risk assessment

    • control activities

    • information and communication

    • monitoring


