The Dog Ate My E-Mail: SOX For The Midsized Enterprise

On July 30, 2002, the act of Congress known as Sarbanes-Oxley (SOX) was enacted into law. Since then, boards of directors of midsized enterprises—defined here as companies between $100 million and $1 billion in gross annual revenue—have been scrambling to comply with the act. In the midsized enterprise space, there has been a great deal of confusion about what constitutes sufficient compliance with SOX. Many managers are afraid they might fail to properly comply and find themselves under scrutiny of court-appointed auditors. So how is the midsized enterprise supposed to "keep up"— and stay compliant? The general intention of this article is to cast some light on the prevarications and sometimes outright fears of managers, and to elucidate several points on SOX compliance that are feasible—and, most importantly, affordable—for the midsized enterprise.

The act itself can be characterized as the "commandments" of compliance. Since the board, CEO, and top management bear the legal consequences of noncompliance, they should consult with their attorneys and auditors, as a first step. In parallel with that consultation, management must establish a code of conduct and ethical behavior that affects the entire organization. All employees and managers must adhere to that code of conduct, at all times. Beyond that code of conduct, however, are there special circumstances or situations that managers of the midsized enterprise must take into account?