SOA and Boards of Education 1484

  • Can anyone tell me whether a Board of Education (BOE) is subject to the Sarbanes-Oxely Act? My town’s BOE has requested funds for a new position specifically to deal with SOA and other types of filings/reporting. I was told by a CPA that a BOE is not subject to the SOA.

  • Hi Lilly and welcome to the forums 🙂
    While I agree with the CPA’s statement. SOX compliancy is required for companies reporting specifically to the Security and Exchange Commission (SEC) as a publicly traded company.
    It is not required by a government agency. The only idea I could think of is maybe the BOE has voluntarily adopted some of the SOX controls and best practices? It would indeed be worth exploring the reasons why this position might be needed.
    Below is some background informaton:
    The Sarbanes-Oxley Act of 2002, sponsored by US Senator Paul Sarbanes and US Representative Michael Oxley, represents the biggest change to federal securities laws in a long time. It came as a result of the large corporate financial scandals involving Enron, WorldCom, Global Crossing and Arthur Andersen. Effective in 2006, all publicly-traded companies are required to submit an annual report of the effectiveness of their internal accounting controls to the SEC.
    The Sarbanes-Oxley Act primarily deals with truth in financial reporting. Among other things, Sarbanes-Oxley established a Public Company Accounting Oversight Board (PCAOB), which operates under the Securities and Exchange Commission (SEC). Sarbanes-Oxley requires companies to both report on their finances and to be checked by independent auditors.

  • Thanks for the information, Harry. Sigh…keeping up with our BOE may be almost as arduous as SOX compliance. Thanks again. Lilly

  • Harry is correct. SOX does not apply to governmental entities.
    The Sarbanes-Oxley Act of 2002 applies to a company that is subject to the reporting requirements of the Securities Exchange Act of 1934 (an ‘issuer’) and is required to include in its annual report a report of management on the company’s internal control over financial reporting.
    Registered investment companies, issuers of asset-backed securities, and nonpublic companies are NOT subject to the reporting requirements mandated by Section 404 of the Sarbanes-Oxley Act of 2002 (the ‘Act’) (PL 107-204).
    The report of management is required to contain management’s assessment of the effectiveness of the company’s internal control over financial reporting as of the end of the company’s most recent fiscal year, including a statement as to whether the company’s internal control over financial reporting is effective. The auditor that audits the company’s financial statements included in the annual report is required to attest to and report on management’s assessment.
    The company is required to file the auditor’s attestation report as part of the annual report. Note: The term issuer means an issuer (as defined in Section 3 of the Securities Exchange Act of 1934), the securities of which are registered under Section 12 of that Act, or that is required to file reports under Section 15(d) of that Act, or that files or has filed a registration statement with the Securities and Exchange Commission (‘SEC’ or ‘Commission’) that has not yet become effective under the Securities Act of 1933, and that it has not withdrawn.
    The text above was excerpted from Audit Standard No. 2 from the PCAOB.
    Hope this further helps,

  • Another thought: If the school system floats public debt, the system may fall into the SOx requirements. In a previous thread, we discussed what entities actually are covered by SOx, and, as it turns out, the SOx net is much broader.
    Also, government agencies, and other recipients of federal awards AND sub-recipients are subject to OMB Circulars A-123 and A-133. Where generally:
    A-123 = SOx Section 404(a), and
    A-133 = SOx Section 404(b).
    Just because a scholl system and the BoE does not fall into SOx, there very well may be requirements to have a documented and tested system of financial controls.
    If you need introductory information on A-123 requirments, Protiviti has a nice FAQs brochure in PDF. If you need it and cannot find it on their www site, let me know and I’ll send a copy to you directly.
    Hope this helps.

  • John indeed shares an interesting idea, as I was trying to think of some indirect relationships the BOE might have with publicly traded firms. There might be a valid reason and it’s always good to know ‘why’ in unusual circumstances like this.

  • Thanks, John. I found the site and I think it will give me the information I need to ask the right questions. Everyone has been incredibly helpful.
    Best regards,

  • OMB Circular A-123
    The passage of the Sarbanes-Oxley Act of 2002 (SOA) served as an impetus for the federal government to re-evaluate its policies relating to internal control over financial reporting and management’s related responsibilities. The result was the release of a revised Office of Management and Budget (OMB) Circular A-123 in December 2004. This revised OMB Circular A-123 adopts much of what is contained in SOA Section 404.
    The link below might be useful to further research A-123 and its requirements:
    Hope this helps,

  • A useful and comprehensive (70-page) implementation guide and document (see link below) was developed by the US Dept. of Commerce with input from the the US Chief Financial Officers Council.
    The Protiviti FAQ referenced earlier and this implementation guide should provide you with useful information to plan and execute compliance efforts.

  • Very interesting … as you learn something new everyday 🙂
    So based on the OMB A-123 circular, governmental agencies are partially adopting some SOA standards , namely the SOX 404 standards that center around IT Best practices and controls.

  • Interesting indeed, Harry.
    In fact, I have read a few federal agency’s Inspector General audit reports where they <u>specifically</u> recommend SOx as a guide for ‘best practices’.
    Despite the fact that everyone (except in this forum) is decrying SOx for being too complicated, following a well applied and tailored SOx approach (with COSO and COBiT as guides) is applicable to all organizations.
    Just my USD0.02

  • Why Reinvent the Wheel?
    A brief scanning of the 70-page implementation guide noted above highlights that the majority of the implementation actions in the document mirror the steps necessary to comply with SOX.
    The Implementation Guide suggests a Planning Phase, Evaluation Phase, and Testing Phase. It also includes example document deliverables including a Control Matrix, and Risk Assessment. The typical financial statement assertions (PREVC) are also there.
    Coincidence or contrived, you decide.

Log in to reply