so Sarbanes-Oxley doesn't affect us, right?
Sarbanes-Oxley is the bill signed last July to restore confidence in the US
markets in the wake of Enron and WorldCom. The most publicized provision is
management certification of financial statements. The act applies only to
issuers regulated by the SEC, so those of you with private companies can
ignore Sarbanes-Oxley, right?
Tracy Lefteroff, Global Managing Partner for PricewaterhouseCoopers' Private
Equity and Venture Capital practice in
the current issue of PwC NextWave. If you ever IPO,
or get acquired by a public company, or get acquired by a company that IPOs,
or ... (you get the idea) then your current books will become part of a
public company's books, and will be subject to Sarbanes-Oxley. To avoid due
diligence issues at acquisition or IPO time, you should start thinking about
Sarbanes-Oxley now, says PwC.
according to the newsletter, an insurer or lender may want to apply some of
the standards of Sarbanes-Oxley in deciding whether or not your internal
controls are adequate.
more to Sarbanes-Oxley than just the management certification (and this is
of course a 50,000 foot summary; for more details see
the act itself,
PwC's information page about the act, or your attorney):
1. Loans to
Officers and Directors are prohibited. This is an area I could see affecting
many smaller software companies.
Controls must be certified by management as "adequate." Sure, you know your
mom is an honest bookkeeper, but do you have the systems in place to prove
Management Certification of financials.
Whistleblower Process must be documented. I'll bet most smaller SW companies
don't have that.
Independence of Directors and Audit and Compensation committees.
PwC recommends that you have in place a written documentation policy and
Code of Conduct.
thing to worry about