Sarbanes-Oxley for Small Businesses: Leveraging Compliance for Maximum Advantage

By Peggy M. Jackson

Published by Wiley; 2006; 176 pages; $39.95; ISBN: 0-471-99825-7

Reviewed by Anthony S. Chan

E-mail Story Print Story

While auditors and experienced CFOs view SOX compliance as an effective way to leverage internal controls to manage risks, the benefits of effective internal controls have often been overshadowed by the high cost of implementing section 404. By highlighting the implications and value of SOX compliance from a risk-management perspective, author Peggy Jackson has succeeded in putting together an introductory handbook that focuses on:

• The basic SOX requirements for small businesses;
• The benefits of effective internal controls; and
• Best practices on risk management with internal controls.

Sarbanes-Oxley for Small Businesses: Leveraging Compliance for Maximum Advantage is written in plain English and is relatively easy to follow. Readers who are not familiar with the basic SOX requirements (e.g., whistleblower protection and documentation-retention requirements) should find the sample policies included in the exhibits very useful. Contrary to the negative views expressed by many regarding the unintended consequences of SOX compliance, Jackson offers her insights on the main reasons small businesses should care about SOX. By supplementing her discussion with examples of best practices, Jackson has done an excellent job articulating the benefits of SOX compliance and providing a commonsense approach to implementing internal controls for the benefit of effective risk management. This is especially important to small business owners because they have limited resources and are often confronted with competing priorities.

SOX compliance is an art, not a science. With proper planning and appropriate management oversight, it can be an effective way to mitigate the risk of material misstatements and reduce the element of surprise. Companies that have successfully complied with the section 404 requirements are leveraging controls and process improvement to strengthen their risk-management program. More nonprofit organizations and private companies are pushing for SOX compliance, seeing its value and long-term benefits. Using the author’s blueprint to implement best practices, readers should find the book useful in designing and developing cost-effective controls to mitigate their business and financial-reporting risks.

To make this a more practical SOX-compliance handbook, the author may want to add specific how-to guidance and recommendations on—

• development of an effective risk- assessment methodology;
• design, development, and implementation of cost-effective controls that address the key risks of an organization; and
• development of a practical, sustainable risk-management program.

The SEC is committed to making SOX compliance cost-beneficial. When done properly with the appropriate tone from the top, companies—public and private alike—stand to reap the benefits of SOX compliance by building a strong risk-management program that is driven by effective internal controls. While this is not a how-to handbook on internal controls implementation and enhancement, anyone seeking to jump-start their SOX-compliance or risk-management process should consider it a must-read.

Anthony S. Chan, CPA, is a partner of Berdon LLP in New York, N.Y., and a leader of its Sarbanes-Oxley compliance and corporate governance practice, and a member of the NYSSCPA’s SEC Practice Committee.