Sarbanes-Oxley

The Sarbanes-Oxley Act (SOX or SarBox) is the public company accounting reform and investor protection act signed by President George W. Bush on July 30, 2002.

The Act resulted from high-profile business failures, to reinforce investment confidence, and to protect investors by improving the accuracy and reliability of corporate disclosure. Named after Senator Paul Sarbanes and Representative Michael Oxley, who were its main architects, it also sets a number of deadlines for compliance.

The Sarbanes-Oxley Act, which is mandatory for all public corporations, is arranged under 11 titles and has a material effect on corporate health benefit programs. In terms of compliance and employee health benefits, the most important sections are often considered to be 302 and 404.

Section 302 calls for the certification of company quarterly and annual filings.

Section 404 requires companies to certify they have established, maintained and annually assess the effectives of internal controls.

The structure of employee health plans often obscures the view of benefit costs and internal controls that the Sarbanes-Oxley Act demands. HDM's service, BenefitsWatch effectively assesses your administrator's internal controls and your risk associated with self-insuring employee health benefits.

Summary of Section 302
This section is listed under Title III of the act, and pertains to corporate responsibility for financial reports. Periodic statutory financial reports are to include certifications that:

• The signing officers have reviewed the report;
• The report does not contain any material untrue statements or material omissions or can be considered misleading;
• The financial statements and related information fairly present the financial condition and the results in all material respects;
• The signing officers are responsible for internal controls, have evaluated these internal controls within the previous 90 days and have reported on their findings;
• Deficiencies in the internal controls and information on any fraud that involves employees who are involved with internal activities are reported; and
• Any significant changes in internal controls or related factors that could have a negative impact on the internal controls are made.

Organizations may not attempt to avoid these requirements by re-incorporating their activities or transferring their activities outside of the United States.

Summary of Section 404
This section is listed under Title IV of the Act (Enhanced Financial Disclosures), and pertains to management’s assessment of internal controls. Issuers are required to publish statements in their annual reports concerning the scope and adequacy of the internal control structure and procedures for financial reporting. This statement shall also assess the effectiveness of such internal controls and procedures. A registered accounting firm shall, in the same report, attest to and report on the assessment on the effectiveness of the internal control structure and procedures for financial reporting.

Section 404 requires each annual report of an issuer to contain an "internal control report," which shall state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and contain an assessment, as of the end of the issuer's fiscal year, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.

Each issuer's auditor shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this section shall be in accordance with standards for attestation engagements issued or adopted by the corporation’s Board. An attestation engagement shall not be the subject of a separate engagement.

Compliance with Sarbanes-Oxley need not be a daunting task. Like every other regulatory requirement, it should be addressed methodically, via proper analysis and study. HDM assures Sarbanes-Oxley Compliance, and our BenefitsAudit and BenefitsWatch services effectively assess your Administrator's internal controls and your risk associated with self-insuring employee health benefits.