The law was created in response to corporate accounting scandals that rocked the nation in recent years and made names such as Enron synonymous with corporate malfeasance.
Although the new law applies to publicly-traded corporations, it has served as a wake-up call to the nonprofit community as well. In fact, it has been proposed that the law be broadened to apply to nonprofit organizations.
Meanwhile, responsible nonprofits have been using the Sarbanes-Oxley as a standard for their own financial practices. These practices can only improve a nonprofit's internal controls and provide needed transparency for their financial activities.
The aspects of Sarbanes-Oxley that are most relevant to nonprofits are:
- First, the Act governs the Board of Director's Audit Committee, requiring that each committee member be a member of the board and be independent (not receiving any compensation from the company). In addition, audit committees are expected to have at least one "financial expert" or explain why not. The audit committee oversees the outside auditor's activities.
Most nonprofits, even if they do not conduct outside audits, have one or more board committees that deal with financial issues. Large nonprofits probably do have an audit committee that oversees the annual audit. It is good practice for nonprofits to ensure the independence of the members of the audit committee or other financial committees. Nonprofits also should ensure that members of their audit or financial committees are financially literate.
- Second, Sarbanes-Oxley governs the responsibilities of auditors. It requires that the lead (reviewing) partner of the auditing firm rotate off of the audit every five years. The firm does not need to be changed, although that is one way to accomplish this. In addition, the auditing firm cannot provide non-audit services to the company at the time of the audit. The audit firm must also report to the audit committee "critical accounting policies and practices."
Nonprofit boards should also change reviewing auditors every five years so that the auditing firm does not "fall asleep at the switch" because of over-familiarity. Nonprofits also are encouraged to not mix auditing and non-auditing services to prevent any conflict of interest.
- Third, Sarbanes-Oxley requires that the chief executive and the chief financial officer of a publicly-held company certify the company's financial statements, attesting to their appropriateness and that they accurately present the financial condition of the company.
Nonprofits are encouraged to require their CFO to certify the organization's financial statements. The CEO of the nonprofit may not be as well versed in financial matters as the CFO of a company. Thus, the need for a capable Chief Financial Officer. However, the CEO of the nonprofit ultimately must be responsible.
Other provisions of Sarbanes-Oxley regulate
- insider transactions and conflicts of interest
- disclosure or transparency to the public
- whistle-blower protection
- document destruction
In an era of greater scrutiny of nonprofit organizations, Sarbanes-Oxley provides a good blueprint for nonprofits to reach a level of financial responsibility that can only help their reputations and ensure the trust of their donors and supporters.
GuideStar.com has an excellent discussion of Sarbanes-Oxley and a list of recommendations for nonprofits.
You can also read about a recent study that shows that nonprofits are taking Sarbanes-Oxley to heart.