According to the 107th Congress of the U.S. H.R.3763 “protects investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws and for other purposes.” Commonly known as the Sarbanes-Oxley Act of 2002 or “SOX” the Act affects all public companies whose stock is traded on U.S. exchanges. Although its passage changed the way we conduct business in the U.S. the law is nonetheless complex and challenging.
Michael S. Hugh developed Sustained Sox with the purpose of helping any company regardless of size or location to design and implement frameworks for both initial and ongoing SOX certifications. Volume I is intended to be used by a company’s internal controls people to review modify and implement the processes needed to sustain SOX for the long term.
This book is geared to readers who have a basic understanding of the Act and the implications for their companies. Thus novice businesspeople should consider reading and researching the Sarbanes-Oxley Act before tackling Sustained Sox. The author’s style is succinct direct and authoritative—certainly to be appreciated by business executives. After readers have given thought to and understand information contained in the various titles listed in the Act’s table of contents (including Auditor Independence Corporate Responsibility Analyst Conflicts of Interest Corporate and Criminal Fraud Accountability and White-collar Crime Penalty Enhancements) they will find Sustained Sox to be a comprehensive tool to apply SOX-required processes to their businesses.
The first two chapters contain what the author calls “environmental information.” Chapter 1 focuses on personnel and processes including the organizational chart and roles and responsibilities for designing and modifying internal controls. Charts such as the one beginning on page twenty-three accurately and comprehensively display rather technical and high-level information in an easy-to-understand format.
Chapter 2 itemizes prerequisites such as policies procedures and guidelines; an explanation of master files; the development of timelines; communication infrastructure; and training programs. The Committee of Sponsoring Organizations (COSO) Report defines appropriate framework components as being: control environment risk assessment information and communication monitoring and control activities. According to the author if done properly the steps in this chapter will ensure that the ongoing processes are sustainable on a long-term basis.
Although the book does not include introductory information about the author a quick check of the book’s website www.sustainedsox.com states that Hugh Enterprises Inc. “is a provider of software solutions and services to several industries with our primary focus on the Financial Services Industry.” Although that particular business is one that has historically been heavily scrutinized and regulated any company can be well served by the tools contained in Sustained SOX.