« Government, Open Source, and XML | Main | European Firms Unhappy About SOX »
January 18, 2005
Compliance, SOX, and Nonprofits
This morning I attended a workshop on the impact of Sarbanes-Oxley on nonprofit organizations. The combination of SOX and nonprofits intrigued me. Since Sarbanes-Oxley is all about public companies, with rules issued by the SEC, my impression was that the connection between SOX and nonprofits was zip. It followed that the workshop was likely to be either very interesting or very short.
It turned out to be very interesting.
Boiled down to essentials, there at least four ways in which the governance and internal control concerns intersect with nonprofit organizations:
- The "whistleblower protection" in section 1107 of Sarbanes-Oxley, which provides substantial penalties for any retaliation against employees or others who provide law enforcement officers with information about possible violation of Federal law, applies to nonprofits as well as to other kinds of entities.
- The penalties for document destruction in section 802 of Sarbanes-Oxley also apply to nonprofits.
- As SOX applies to more and more for-profit entities, parts of it are emerging as the expected standard of performance in the eyes of public and private funding sources. At the very least, nonprofits should expect that expectations regarding conflicts of interest, audits, and evidence of internal controls will increase and will follow the general outline of SOX
- Some states are beginning to consider state regulations that impose parts of the COSO framework and other aspects of SOX on nonprofits. California has already passed such legislation. (For a summary of other state activity, take a look at this document from the National Council of Nonprofit Associations).
Practically speaking, my sense was that the most immediate impact on nonprofits from a content management point of view was that, regardless of size, these organizations need to document policies and procedures and ensure that they are available and that they are used. The focus of this effort should, of course, be on staff and on board members, but should also extend to volunteers who act as agents of the organization. The policies and procedures should include mechanisms for handling employee complaints and document retention and destruction, in accord with SOX requirements. They should also, of course, deal with broader internal control issues such as handling cash, soliciting and accounting for donations, making bank deposits, and so on.
Share or tag this post on:
Digg | del.icio.us | Google | Yahoo My Web | Reddit | Newsvine
Posted by Bill Zoellick at January 18, 2005 7:36 PM
Trackback Pings
TrackBack URL for this entry:
http://gilbane.com/blog/mt-tb.cgi/17
Comments
Post a comment
Thanks for signing in, . Now you can comment. (sign out)
(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)