krishnacreations - Fotolia

Manage Learn to apply best practices and optimize your operations.

Will the Sarbanes-Oxley whistleblower update affect compliance?

Sarbanes-Oxley Act compliance is important for firms to maintain. Expert Mike Chapple explains how to keep up with the new whistleblower update.

With the latest Sarbanes-Oxley whistleblower provision expanding, it seems like firms of every size and type will have to prepare themselves. This could mean huge costs and compliance burdens. What steps can firms take to minimize these costs and burdens while remaining compliant with SOX?

The Sarbanes-Oxley Act (SOX), passed in 2002, protects shareholders and the general public from accounting errors and fraudulent practices within the enterprise, and provides protection for employees of publicly traded companies who bring misdoing to light. Specifically, the law prohibits public companies from terminating or retaliating against employees who provide information or assist in an investigation conducted by a federal agency, member of Congress or the company's internal regulators. If an employee feels that he or she qualifies for whistleblower protection and has been the subject of retaliatory action, he or she may file a complaint with the Occupational Safety and Health Administration (OSHA).

For the past 12 years, this whistleblower protection has applied only to companies that were regulated by SOX. For the most part, this means publicly traded companies. Private firms are not usually subject to SOX so the whistleblower provisions did not apply. On March 4, 2014, the United States Supreme Court issued a decision in the case of Lawson vs. FMR LLC. In this ruling, the Court found that the whistleblower provisions of SOX extend to private firms that are working under contract for public firms regulated by SOX.

What does this mean for private firms? Probably not much. Unless a firm is in the habit of retaliating against whistleblowers, there won't be a significant regulatory burden from this decision. Every firm that is directly or indirectly subject to the SOX whistleblower provision should consult with its HR department to ensure supervisors receive adequate training on the protections afforded to whistleblowers. In addition, supervisors should be briefed on their responsibilities to protect whistleblowers after any regulatory incidents occur. This doesn't need to be a costly training program. For example, someone from Human Resources might create a 10-minute "road show" and bring it around to managers' meetings.

Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)

Next Steps

Mike Chapple gives some SOX program management best practices

This was last published in November 2014

Dig Deeper on Security audit, compliance and standards