Documents Necessary to Understand SOX 1051

  • I am just beginning the SOX process, and am trying to identify all of the documents that define SOX requirements. More importantly, I’m just trying to understand HOW to find the necessary documents. Is there any resource that I can look at that outlines all applicable government documents? If it exists, I can’t find it.
    I understand that Congress enacted the SOX laws in 2002. That law refers to, and updates, the Exchange Act of 1934. The Exchange Act is part of the United States Code. You have:
    *Title 15 United States Code - governs securities markets, contains Exchange Act of 1934
    *Sarbanes Oxley Act of July 2002 - creates PCAOB, instructs SEC to pass rules to implement certain sections of the Act
    *SEC Final Rule 33-8177 - SEC rules on Sections 406, 407
    *SEC Final Rule 33-8238 - SEC rules on Sections 302, 404, and 906
    *SEC Final Rule 33-8392 - SEC rule extending SOX 404 compliance
    *SEC Final Rule 33-8545 - SEC rule extending SOX 404 compliance for non-accelerated filers
    If I were to read and understand these documents, would I be fully versed on the laws I need to follow to be SOX compliant, or are there other documents out there that I need? I realize that the COSO framework and other docs can tell me HOW to get compliant, but that’s not what I’m asking right now. I just want the docs that prescribe what must be done, not how to do it.
    If we could make a complete list, I think it would be a great resource for new people. It would help me.

  • I just found another one:

    • SEC Final Rule 33-8220 - implements Section 301, which is Audit Committee requirements.
      Does anyone know if there is ANY place I can see a current list of all regulatory documents that apply to SOX? I hate the fact that consultants are needed to answer that basic question. Consultants are necessary, but they should be used for implementation, interpretation, etc. I shouldn’t have to ask a consultant to put together a list of all pertinent documents.
      I should be able to find that myself. Is there anywhere on the SEC’s website, or any other web site, that keeps a current list of all regulatory documents?

  • Here is another Link to the AICPA website which has good links to relevant information

  • Wahoo,
    Unfortunately you will find that the law does not prescribe exactly what must be done to comply with the Sarbanes-Oxley Act of 2002. If you are interested in reviewing documents that will give you an idea of what must be done, I would review the PCAOB’s auditing standard No. 2 at:
    The PCAOB was charged by the Sarbanes-Oxley Act with oversight of the audit firms performing Sarbanes-Oxley Audits. This standard prescribes what is required of the auditors to complete a SOX audit. By working backwards from what is required of the auditors, you can best ascertain what is required of you to comply.
    Good luck in your SOX compliance efforts. The best advice I can give you is to be sure to look for ways to make your compliance efficient, otherwise you will spend much more time and money than is necessary.

Log in to reply