Sarbanes-Oxley Act of 2002

From Guidelines & Principles

The Sarbanes-Oxley Act (also known as "SOX")[1] was signed into law on July 30, 2002. Passed in response to the corporate and accounting scandals at Enron, Tyco, and other companies in 2001 and 2002, the law is intended to rebuild public trust in America's corporate sector.

The law requires that publicly traded companies adhere to significant new governance standards that broaden board members' roles in overseeing financial transactions and auditing procedures.

While nearly all of the provisions of the Act apply only to publicly traded corporations, the passage of the bill served as a wake-up call to the entire nonprofit community. Indeed, several state legislatures have already passed or are considering legislation containing elements of the Sarbanes-Oxley Act to be applied to nonprofit organizations. In many instances, nonprofit organizations have adopted policies and altered governance practices in response to the Act.

Nonprofit leaders should look carefully at the provisions of Sarbanes-Oxley, as well as their state laws, and determine whether their organizations ought to voluntarily adopt governance best practices, even if not mandated by law.[2]

Independent Audit Committee


The Sarbanes-Oxley Act requires that each member of a company’s audit committee be a member of the board of directors and be independent. “Independence” in the Act is defined as not being part of the management team and not receiving any compensation (either directly or indirectly) from the company as a consultant for other professional services, though board service may be compensated.

While not all nonprofits conduct outside audits, most nonprofit boards have established one or more financial committees (e.g., finance, audit, and/or investment). In those organizations that undertake annual audits, particularly medium to large nonprofit organizations, the board is likely to have a separate audit committee or subcommittee.

Conflict of Interest Policy (Insider Transactions)

From the Independent Sector:

"Nonprofits are currently highly regulated with respect to financial transactions that take place within the organization. Private inurement, excessive personal benefit, and self dealing all cause serious penalties for any nonprofit that steps out of line. “Intermediate sanctions” laws specifically address compensation and excess benefit transactions with “disqualified” individuals, generally board members and executive staff. Because the practice of providing loans to nonprofit executives has been a source of trouble in the past and because this practice is specifically prohibited under Sarbanes-Oxley and in some states, it is strongly recommended that nonprofit organizations not provide personal loans to directors or executives."

From the National Council of Nonprofits:

"A policy governing conflicts of interests is perhaps the most important policy a nonprofit board can adopt. To have the most impact, the policy should be in writing and the board (and staff) should review the policy regularly. Often people are unaware that their activities are in conflict with the best interests of the nonprofit so a goal for many organizations is to simply raise awareness and cultivate a “culture of candor.” It is helpful to take time at a board meeting annually to discuss the types of situations that could result in a conflict between the best interests of the nonprofit – and the self-interest of a staff member or board member.

A conflict of interest policy should (a) require those with a conflict (or who think they may have a conflict) to disclose the conflict/potential conflict, and (b) prohibit interested board members from voting on any matter that gives rise to a conflict between their personal interests and the nonprofit’s interests. Beyond those two basics, it is helpful for each nonprofit to determine how conflicts at the board and staff level will be managed. Keep in mind that the revised 990 asks not only about whether the nonprofit has a written conflict of interest policy, but also about the process that a nonprofit uses to manage conflicts as well as how the nonprofit determines whether board members have a conflict of interest."[3]

Document Retention Policy

From the National Council of Nonprofits:

"The Sarbanes-Oxley Act’s prohibition of the destruction of documents that are subject to review in litigation provides an additional rationale for every nonprofit adopting a document retention policy. This will create a regular business practice of systematic document destruction in accordance with an approved schedule. Having a written policy, and regular business practice of document destruction according to a schedule, lets people know what documents to retain (and for how long). Such a policy is not only a prudent practice but also sound risk management.

The process of developing a document retention policy involves: (1) Identifying what types of paperwork (and electronic files) your nonprofit generates; (2) Determining the appropriate (and legal) length of time to retain them; and (3) Recording those retention times on a written schedule.

Unfortunately there is no one regulation or guideline that governs document retention for all nonprofits. Laws relating to document retention are state-specific in many cases (such as those governing employment/payroll). In some cases the length of time to retain a document should be governed by the time period that a potential claimant has to bring a claim in that state, which can differ from state to state. Also, many nonprofits, particularly those engaged in providing health-care services or those serving minor children, are subject to retention requirements that are specific to, or prudent for, the services they provide."[4]

Whistleblower Protection Policy

From the GuideStar Blog:

"Summary of Sarbanes-Oxley Provision

The Sarbanes-Oxley Act provides new protections for whistle blowers and criminal penalties for actions taken in retaliation against whistle blowers. The Act protects whistle blowers who risk their careers by reporting suspected illegal activities in the organization. It is illegal for a corporate entity—for-profit and nonprofit alike—to punish the whistle blower in any manner.

Relevance to Nonprofit Organizations

Nonprofits must start by protecting themselves. They must eliminate careless and irresponsible accounting practices. A nonprofit organization would benefit from an internal audit that brings to light weak spots and installs processes that are not vulnerable to fraud and abuse. Written policies that are vigorously enforced by executive staff and the board send a message that misconduct is not tolerated.

An organization must develop procedures for handling employee complaints. A nonprofit must establish a confidential and anonymous mechanism to encourage employees to report any inappropriateness within the entity's financial management. No punishment—including firing, demotion, suspension, harassment, failure to consider the employee for promotion, or any other kind of discrimination—is allowed. Even if the claims are unfounded, the nonprofit may not reprimand the employee. The law does not force the employee to demonstrate misconduct; a reasonable belief or suspicion that a fraud exists is enough to create a protected status for the employee.

Recommendations

Nonprofits must develop, adopt, and disclose a formal process to deal with complaints and prevent retaliation. Nonprofit leaders must take any employee complaints seriously, investigate the situation, and fix any problems or justify why corrections are not necessary."[5]

Resources & Sample Documents

Sarbanes-Oxley General

GuideStar: Sarbanes-Oxley Act and Implications for Nonprofits Governance and Tax Exempt Organizations

Conflict of Interest Policy

National Council of Nonprofits Conflict of Interest

Blue Avocado Nonprofit Conflict of Interest: A 3-Dimensional View

Nonprofit Risk Management Center: Resources for Developing or Revising Conflict of Interest Policies

Sample Conflict of Interest Policies

Nonprofit Risk Management Center Sample Conflict of Interest Policy and Other Resources (Word Doc)

Sample Conflict of Interest Policy

Document Retention Policy

National Council of Nonprofits: Document Retention Policies

Sample Document Retention Policy

Charities Review Council: Sample Document Retention Policy

Whistleblower Protection Policy

Sample Whistleblower Protection Policy

National Council of Nonprofits: Whistleblower Protections for Nonprofits


The Nonprofit Quarterly Sarbanes-Oxley: Ten Years Later | Nonprofit Quarterly | December 30, 2012

Nonprofit Risk Management Center How Long Should You Keep Out-dated (Expired) Insurance Policies?

Blue Avocado Sarbanes-Oxley and Nonprofits: Bogeyman in the Boardroom?