Contact Us
Back to main menu
Services
Industries
Domains
Technologies
About Us
Resources

SOX and IFRS: Talking about Financial Reporting Standards with Elinext Experts

Anastasia TimoshenkoAnastasia Timoshenko
Anastasia Timoshenko
Senior IT consultant for FinTech and Banking Solutions
October 19, 2023

Transparent and reliable financial reporting serves as a window into a company’s operations and health, establishing the foundation of trust for stakeholders and investors. For the reporting to be truly meaningful and comparable across industries, these reports must adhere to robust guidelines and standards. While many such financial reporting standards exist, today we are going to talk about two most prominent ones with Elinext exerts — the Sarbanes-Oxley Act and International Financial Reporting Standards.

Let’s start with the Sarbanes-Oxley Act. What is the standard about?

To gain a clearer understanding of the standard, let’s trace its roots. In 2001, Enron, the most prominent company in the USA at the time, declared bankruptcy. Its management conducted questionable financial transactions, which were covered up by falsifying accounting reports. These malpractices went unnoticed by external auditors. Consequently, the Enron case highlighted the weakness of the internal control and audit regulations in place at the time, and the resulting vulnerability of shareholders of public companies to illicit actions by top executives.

As a result of the investigation into the bankruptcy of Enron and several other major firms, the Sarbanes-Oxley Act (SOX) of 2002 was signed on July 30, 2002. The law was named after its creators: Senator Paul S. Sarbanes (Democratic Party, Maryland) and House of Representatives member Michael G. Oxley (Republican Party, Ohio).

SOX is the most comprehensive securities legislation in America enacted since the Securities Exchange Act of 1934. According to this law, the requirements for internal controls and audits of public companies have been tightened.

What were the main changes reflected in SOX?

SOX introduced significantly stricter requirements for financial reporting and its preparation. In addition to that, the procedure for submitting reports for securities issuing companies changed. Companies were now required to present a wider range of information in their financial statements.

The law essentially addressed issues related to:

  • financial statement preparation;
  • internal control system assessment;
  • corporate governance;
  • auditor independence.

The law aims to protect investors by focusing on better financial reporting through improving transparency, minimizing fraud, and defining penalties for those who commit violations.

What is the area of application for SOX?

The law applies to all issuers, that is to all companies whose securities are registered with the U.S. Securities and Exchange Commission (SEC), no matter the company’s place of registration and operation.

The law’s jurisdiction extends not only to US-based companies but also to all enterprises established both in the USA and in any other country, whose securities are registered with the Commission. However, the law’s requirements do not affect firms, family businesses, or enterprises not listed on stock exchanges.

The law is not voluntary and failure to comply with it results in fines and legal prosecutions. For violating its provisions and standards, the law prescribes fairly severe penalties. For instance, if the company’s leader and financial director, having information that the financial statements do not meet the requirements of the law, still sign the financial statements asserting that the information in the report provides a true representation of the issuer’s financial status and results of operational activities, they are held accountable. Such actions result in a fine of up to $1 million and/or imprisonment for up to 10 years. If there was an intentional affirmation of such reporting, those individuals can be fined up to $5 million and/or face imprisonment for up to 20 years.

What are the main objectives of SOX?

SOX pursues the following goals:

  • oversight of financial reporting;
  • supervision of accounting principles;
  • supervision of internal control processes;
  • control over the selection and operation of external auditors.

Essentially, all law provisions boil down to two simple truths:

  1. Managers, auditors, and board members should act ethically and safeguard the interests of shareholders.
  2. The companies’ financial statements should accurately reflect the current status and offer investors enough details to independently evaluate the actual situation in the company.

What are the key provisions of the law?

  • Every company should have an obligatory code of corporate conduct, which is a set of standards intended to counteract abuse and promote principles of honest business conduct.
  • In boards of directors, the majority of members should be independent, and this is determined by strict criteria.
  • CEOs and CFOs are required to review all financial statements and are responsible for internal financial control.
  • The company’s executives are deprived of all bonuses and securities compensation in the case of severe regulatory complaints about reporting.
  • Companies are obliged to disclose off-balance sheet operations and connections with other companies in their reports.
  • The company’s management and employees are prohibited from any actions that might mislead the auditor.
  • Employees who report fraud are protected by the state and cannot be fired.

What are the key provisions regarding the company’s managers?

The law particularly highlights the importance of increased corporate accountability in financial reporting, its quality, and accuracy. It contains provisions concerning the liability of the CEO and CFO or those in comparable positions when presenting yearly and quarterly financial statements. Other requirements include:

  • The CEO and CFO of the company must personally attest to the financial statements with their signature, ensuring that the report is prepared in accordance with all the requirements.
  • Managers must implement a strong internal control system to ensure that financial reports are accurately prepared for investors.
  • If a manager tampers with a report resulting in misleading investors about the true state of affairs in the company, it will be considered a criminal offense with significant prison terms.
  • The provision of loans by the company to its top managers and any business relationships between the company and its managers are prohibited (with some exceptions).
  • Top managers are required to immediately (within 2 days) disclose their transactions regarding the purchase/sale of shares of the company where they work.

What are the key provisions regarding the members of the boards of directors?

  • The audit committee, under the company’s board of directors (or the board itself in the absence of a distinct committee), should select an auditor for the review of the financial statements.
  • Members of the audit committee under the board of directors must be independent of management (they should not be employees of the company).
  • The audit committee has the right to engage independent experts to support its activities.

What are the key provisions regarding external auditors?

  • Public Company Accounting Oversight Board (PCAOB): issuing audit work standards and ensuring that auditors comply with audit standards and meet the requirements of SOX. If serious violations are identified, PCAOB has the right to revoke or suspend the auditing licenses of individual specialists or auditing firms as a whole.
  • Auditing companies are prohibited from simultaneously providing consulting services to a client while also providing financial statement audit services (with rare exceptions).
  • During their assessment, external auditors must evaluate the efficiency of the company’s internal control system pertaining to financial statement preparation. The auditor’s report routinely includes their findings on the efficacy of this internal control system.
  • Audit project leaders must internally rotate at least every five years.

Ensuring rigorous internal control and audit-ready reporting is no easy feat. How do companies cope?

An important aspect of the law is that the significant responsibility placed on directors for reports submitted to the SEC and other federal agencies has led to an increase in software solutions aimed at reducing the complexity, time, and costs associated with creating reports. This allows directors and auditors to gather and analyze financial and other relevant data, including unstructured data, and produce the required reports. The accuracy and reliability of provided internal financial data enable top managers to manage their resources effectively.

To make financial documents clear and trustworthy, SOX mandates organizations to use cybersecurity measures. Specifically, companies must:

  • protect financial data;
  • control access to financial data;
  • identify fraud;
  • deliver an assessment of internal controls efficiency.

What are the internal controls necessary for SOX compliance?

The law emphasizes the importance of the internal control system. It mandates organizations to set up internal controls – procedures and guidelines that safeguard financial data’s accuracy and security while shielding the organization from fraud. The primary purpose of these controls is to identify, prevent, and counteract fraudulent or questionable financial activities.

It’s important to note that the law does not list a mandatory set of control tools. Thus, each company has the flexibility to independently choose which security mechanisms to implement.

Company leaders are required to document their assessment of the internal control system, detailing in the report all its significant deficiencies and the proposed measures to address them. The assessment, approved by the CEO and CFO, must be reviewed by external auditors, who are required to produce a separate conclusion that will be published alongside the company’s annual financial report.

What are the requirements of SOX?

The primary goal of internal control is to detect, prevent, and counteract fraud and suspicious actions with financial data. The law stipulates the following requirements:

  1. Implementation of an internal control system that is sufficient to ensure the security of financial data. For example, tracking how users handle confidential data, reviewing changes in documentation, and detecting potential security breaches using predefined and customizable alerts. Such systems can also include setting up detailed financial access control using access control tools; protecting user credentials with password management; and implementing multi-factor authentication.
  2. Reporting on the internal control efficiency — creating reports with the necessary data through sophisticated reporting tools.
  3. Legal prosecution of anyone who in any way falsifies financial documentation — continuous monitoring of all user actions to collect proof of falsification, and exporting this data for use as evidence in legal investigations.

Creating internal control reports is a crucial component of the SOX compliance audit procedure. Company staff must gather sufficient evidence that confidential data is protected and that no one interfered with it throughout the year. Therefore, there is a need to enhance the reporting process by creating reports with the required data and automatically generating various reports.

SOX isn’t the sole standard governing financial reporting. IFRS also plays a significant role, so let’s delve deeper into it.

International Financial Reporting Standards, or IFRS is a set of standards and interpretations that regulate the rules for preparing and maintaining financial statements.

IFRS aims to achieve global consistency in financial statements, allowing for comparisons across companies worldwide. Essentially, the International Financial Reporting Standards seek to unify accounting reporting irrespective of a business’s geographic presence. IFRS also provides a condition for the accessibility of reporting information for external users, such as banks, financial funds, investors, and business owners from different jurisdictions.

A report that adheres to the IFRS requirements serves as a hallmark of quality, confirming the reliability of the information provided.

What are the objectives behind the creation and global adoption of IFRS?

Broadly, the goals can be divided into three groups:

  • Transparency

The goal of IFRS is to make the operations of companies transparent in order to ensure the stability of financial markets and the development of the global economy.

  • Accountability

IFRS facilitates the consistent comparison of financial statements across companies worldwide. They are also a prerequisite for making reporting information accessible to external users, such as banks, financial funds, investors, and business owners from different jurisdictions.

  • Efficiency

Consistent reporting standards enhance economic effectiveness. By helping investors identify investment opportunities and risks, they reduce investment acquisition costs and improve the process of capital distribution among companies, economic sectors, and geographic regions.

Who develops IFRS?

The International Accounting Standards Board (IASB) is responsible for developing IFRS and defining the rules for a company’s reporting.

IFRS is mandatory for public companies based in more than 160 countries, including the EU, South America, and many Asian countries. But it’s worth mentioning that while IFRS has taken the place of numerous national accounting standards globally, it hasn’t supplanted the individual accounting standards in certain countries.

How do international standards differ from national ones?

International standards only establish the principles of financial reporting, meaning they prescribe what should be done, but not how. They determine how companies should conduct financial accounting, which business operations to reflect in it, and how to compile reports.

However, they do not contain a specific chart of accounts, primary documents, a list of entries, or strict rules for financial accounting. One could say this is a benefit of the international financial reporting standards as they significantly simplify the work of accountants and managers and allow for the application of these standards worldwide.

Each jurisdiction decides for itself which international standards are mandatory, for which organizations, and how often audits should take place. Then a regulatory body is appointed accordingly. Each country has its list of entities that are required to apply these standards, and typically these are the financial sector players, banks, insurance organizations, large companies, and private pension funds.

What are the types of international standards?

  • There are several types of international standards. To avoid confusion, they can be broadly divided into three groups:
  • IAS – International Accounting Standards. These are so-called “old” standards that were developed before 2004. In total, 41 IAS standards were developed.
  • IFRS – International Financial Reporting Standards. These are colloquially called the “new” standards that were developed after 2004. To date, 17 IFRS standards have been developed.
  • In essence and legal force, both the new and old standards are equivalent.
  • In addition to the standards, interpretations are also mandatory. Interpretations clarify certain issues related to the application of the standards.
  • IFRIC, SIC – Interpretations prepared by the International Financial Reporting Interpretations Committee and approved by the IFRS Council.
  • The validation process before adoption takes a bit more than 6 months and updates are made on a regular basis. You can find a complete list of standards here IFRS Standards.

What are the key principles of IFRS?

3 major principles of IFRS

Underlying assumptions:

●       Accrual basis

●       Going concern

Financial reporting quality criteria

●       Understandability

●       Relevance

●       Reliability

●       Comparability

Limitations

●       Timeliness

●       Balance between benefit and cost

●       Balance between qualitative characteristics

Let’s take a closer look at each principle starting with underlying assumptions.

Underlying assumptions include the accrual basis and going concern principles.

Accrual basis

Financial reporting is prepared based on the accrual method. According to this method, the results of transactions and other economic events are recognized at the time they happen, they are recorded in accounting at the same time and are reflected in the financial statements of the respective period. Financial reporting prepared using the accrual method provides users not only with information about already completed paid transactions but also about commitments to pay cash in the future, as well as anticipated future sources of cash inflow.

Going concern principle

When compiling financial statements, it’s typically presumed that the business is active and will remain operational in the foreseeable future. Thus, it is assumed that the enterprise has no intentions or needs to reduce financing for its main operations. If such intention or need exists, it will be disclosed in the preparation of the financial statements.

What are the quality criteria for financial reporting?

Quality criteria are the attributes of the financial reporting that make it useful for users. There are 4 basic criteria:

  • Understandability: This means that the information is comprehensible to users who have sufficient knowledge of accounting.
  • Relevance: The information implies that it will impact the decision-making process of users. In some cases, the nature of the information alone is sufficient for its disclosure, regardless of its significance. In other instances, significance matters when the omission or misrepresentation of information can affect the economic decisions of report users.
  • Reliability: The information is considered reliable if it does not contain significant errors and distortions and is impartial.
  • Comparability: The information should ensure comparability of financial reporting data both with previous periods and in relation to other companies. This means that any changes in accounting policy must be disclosed in such a way that this requirement is met.

What about limitations?

The last category is limitations that affect the formation of financial statements.

  • Timeliness: It is related to the need to properly balance the reliability and relevance of information. On the one hand, to meet the requirement of relevance, information should be collected for all business activities that have occurred. On the other hand, obtaining comprehensive and reliable information may result in delays in presenting the financial statements, which can consequently impact its relevance. Thus, it is recommended to find an optimal balance between these two requirements.
  • Balance between benefits and costs: This means that the benefits derived from the information should not exceed the costs of obtaining it. The process of weighing benefits against costs requires a professional assessment.
  • Balance between qualitative characteristics: This should be subject to the professional judgment of an accountant and should aim to satisfy the needs of financial statement users.

Additionally, in accordance with IFRS, the financial statement must include 4 reports:

  • Statement of Financial Position: Also known as the balance sheet. IFRS defines its various components and how they should be reported.
  • Statement of Comprehensive Income: This can either be one report or two separate ones; one for profit and loss and another for other income, such as capital assets.
  • Statement of Changes in Equity: This report, often known as the statement of retained earnings, provides detailed information about the change in the company’s income or profits over a pre-defined financial period.
  • Statement of Cash Flows: This document should summarize your company’s financial activities over a specified period of time, categorizing your cash flow into three categories: financing, operations, and investments. Recommendations for this report are provided in IFRS 7.

Alongside the primary financial reports, a company must also detail its accounting principles. Typically, the comprehensive report is evaluated against the previous one to underscore fluctuations in profits and losses. The parent company has the responsibility to produce distinct reports for every subsidiary and to consolidate these into a single IFRS financial statement.

Should a company choose to harmonize its financial statements with global standards, what actions it must follow?

The main steps are as follows:

  1. Formulating accounting policies.
  2. Choosing both a functional and a presentation currency.
  3. Calculating opening balances.
  4. Creating a model for data transformation.
  5. Reviewing the company’s organizational structure to pinpoint subsidiaries, affiliated entities, joint ventures, and associates for accounting purposes.
  6. Recognizing the distinct attributes of the company’s operations and gathering the requisite data for transformation corrections.
  7. Transitioning financial statements from domestic standards to align with IFRS.

Wrapping up

Today, we have covered key financial reporting standards — SOX and IFRS. While SOX emphasizes the importance of internal controls and accurate financial reporting for U.S. public companies, IFRS seeks to establish a common global language for financial transactions, ensuring comparability across borders.

Whether you are looking to build a solution to manage regulatory compliance or improve internal controls, having a business analyst with a strong understanding of applicable standards can guide software development teams to build solutions that will add strategic value to the company. At Elinext, we work with clients from different industries, helping them facilitate regulatory compliance and reduce the cost of operations. Through custom financial software solutions, we optimize workflows, automate repetitive tasks, and ensure that their systems remain in line with industry-specific regulations.

Contact Us
Contact Us