Is Ethical Training a requirement of SOX 1444

  • I know that an honor code must be established, but to what extent is ethical training a requirement of SOX? I’ve read that it is and that it isn’t depending on the article. I manage a company that provides ethics training all over the U S and was wondering if our training would be of any advantage to larger public corporations?
    Oh, and thanks for all the great info on this site, I’ve come here for answers before and never even needed to register and ask thanks to posters like Milan. 😄

  • Oh… and please nobody think I am on here trying to solicite business. I just know that some companies are using extensive ethics training programs now and I wonder if this is a result of SOX or if it is just a smart move that some companies are making.

  • Hi and welcome to the forums 🙂
    I did a quick Google search with the keyword ‘SOX ethical training’ and found a number of articles.
    Based on scanning a few of these, it appears that corporate training on ethical conduct has increased, but I don’t think it’s a direct requirement of the SOX compliancy act itself.
    Still, it’s not a bad idea. Even, if it’s not written in the ‘letter of the law’, it’s the ethical thing to do 😉

  • I agree with Harry.
    I think that ‘ethics training’ is one of the subjects that must be communicated to staff re SOx (while communicating the code of conduct). But, how a company/managers determines what is included in the training is open to interpretation.

  • SOX does not require Ethics Training per se, but the control environment is directly impacted by the ethics of a company’s employees and its management.
    With respect to the operating environment,
    INTEGRITY AND ETHICAL VALUES Codes of conduct and other policies regarding acceptable business practices, conflicts of interest, or expected standards of ethical and moral behavior should be developed and communicated to all employees of the Company.
    The following are example control activities and includes ethics training:
    Codes of conduct and other policies regarding acceptable business practice, conflicts of interest, or expected standards of ethical and moral behavior should be documented.
    The codes should be periodically acknowledged by all employees.
    Commitment to integrity and ethics should be communicated throughout the organization, both in words and deeds.
    Employees should not be pressured to make improper decisions. Management should appropriately address ethical issues and integrity matters.
    In short, the existence of an Ethics Training Program may serve as evidence to support a sound control environment and the commitment to integrity. Additionally, Ethics Training Records may be used to corraborate training performed throughout the organization and included in the SOX process documentation to support the adequacy of the Control Environment.
    Hope this also helps,

  • This is but one (very important) part of entity-level controls that needs to be assessed. Would a company receive a failing grade on SOX if they were doing nothing? That all depends on the level of testing placed against other controls and the effectiveness of those controls. As noted above, this is not explicity required by SOX or COSO, but really cannot be overlooked if one wants to place heavy reliance on entity-level controls in order to reduce testing of other financial controls.

  • Thanks everybody… in my continued searching I have found that the real benefit of the existence of an ‘effective compliance and ethics program’ is found in the Federal Sentencing Guidelines where it is the first of two factors that can mitigate the ultimate punishment of an organization. The second factor is self-reporting, cooperation, or acceptance of responsibility. So while I am sure that SOX auditors would be pleased to see the existence of an ethics training program for the reasons listed above, the real benefit would come if there was trouble and a company could protect itself to a great extent by proving that the violation was an abberation in an otherwise ethically compliant organization.
    If my reasoning is flawed or anybody has any more info please let me know.
    Thanks again

  • and thanks to whoever moved this to the right forum.
    One last question: Where in the act (title, section) can I find the information on the operating environment and entity level controls??? I am still a total NewB at this and trying to familiarize myself with this behemouth of legislation :?

  • Hi Nate - Here’s a little on the topic of ‘Entity Level Controls’ as we shared yesterday:

  • One last question: Where in the act (title, section) can I find the information on the operating environment and entity level controls?..
    The Sarbanes-Oxley Act of 2002 does not address the operating environment or entity level controls. These are addressed in the control framework (COSO) that most companies have adopted to comply with SOX. So a complete reading of the Titles found in the SOX Act will not identify specific reference to the operating environment or entity level controls.
    Hope this further helps,

  • My reply to the ethics training is absolutely. At some point in a beauracracy whether governmental or corporate people have a choice that should be an informed decision.
    The choice is do I follow the law/contract or even common sense towards ethics or do I pass the buck, a conciencious decision,often done in an a atmosphere of potential retaliation and coercion.
    The scale of the problem from a that of of trivial to unignorable and definitely criminal, depends on the companies’ self regulation policies and the people who are in position to enforce them with knowledge and authority.
    My experience is in government where ‘Sovereign Immunity’ makes people actually behave like they are appointed by god, and whatever they do is with impunity, no matter what statutes say.
    Ultimately there are weasels that do anything they think they can get away with, and that is a personality type that will persist under any set of rules. Ethics training is a good way to avoid imputed, vicarious and direct liablilty due to the likes of these . Trianing makes the higher ups more able to respond to valid complaints, or face increased that liability for personal liability an issue, a motivating factor.
    My best cite is a NPR report discussing this as an employer problem. It considers the ‘individual’ that under no circumstances will be unethical and without remorse that are often not ‘weeded out’ as their violations help their job performance. As good a friend as a co-worker, subordinate or supervisor may be you have an obligation to set them straight without politics favorable or unfavorable to your own.

Log in to reply