Personal liability regarding SOX 2610



  • Has a question come up in your company not accounting firms, but industry whether there is liability coverage for employees for any errors made related to testing? What are your viewpoints on this?



  • Can remember discussing it many moons back and the consensus was that this wouldn’t be necessary. The obligations of SOX fall on management and it is difficult to see where a failure in testing could result in liability for an employee because it is management’s accountability to operate the system of internal control.
    Employees who fail to competently perform their job could, obviously, face HR action internally but this should not result in an external liability.



  • What level of employees would be considered ‘management’? Does that normally only refer to CEO and CFO who actually sign the certification?
    My initial thoughts were that, someone (lower on the food chain) wouldn’t be criminally liable for errors unless it was intentional and fraudulent. The same rigor with which we treat any other accounting record that we process would be similar to any internal ‘SOX test’ that we perform. So if we performed them in good faith, an error is an error and not a crime. Would you view it that way too?



  • Hi,
    The SEC specifically defines the format of the OFFICER certifications required by the Principal Executive Officer and Principal Financial Officer.
    www dot sec.gov/rules/final/33-8124.htm
    Management and other non-officer positions are not required to certify in writing and do not have personal liability.
    I think that for this reason, most companies do not take out Director and Officer (D and O) insurance for other management employees.
    Some companies might choose to require responsible subordinate officers to complete backup certificates as an added measure of compliance and responsibility for the ICFR, but this is elective and is not required by law.
    I hope that this further helps,
    Milan



  • What level of employees would be considered ‘management’? Does that normally only refer to CEO and CFO who actually sign the certification?
    My initial thoughts were that, someone (lower on the food chain) wouldn’t be criminally liable for errors unless it was intentional and fraudulent. The same rigor with which we treat any other accounting record that we process would be similar to any internal ‘SOX test’ that we perform. So if we performed them in good faith, an error is an error and not a crime. Would you view it that way too?
    That would be my understanding of how things should work.
    However, I am not aware of this being tested in court yet.


Log in to reply