The Sarbanes-Oxley (SOX) Act of 2002 represents landmark legislation in the world of corporate compliance, securities and capital markets, and overall organization governance and responsibility.
UPMC's voluntary compliance with the legislation marks the first nonprofit ever to meet these rigorous accounting rules intended for corporate America.
This last requirement, known as Section 404, has had one of the largest impacts on corporations in America. Companies impacted have initiated projects to document, assess the gaps over, remediate, and test the internal controls over financial reporting (ICOFR). In addition, each company must assert as to its findings resulting from this process and that the ICOFR are adequate within the parameters established by the Public Company Accounting Oversight Board (PCAOB) and the Securities and Exchange Commission (SEC).
As a not-for-profit organization, UPMC is not required to comply with the regulations established by SOX. However, UPMC and its Board of Directors has determined that voluntary compliance with SOX is in the best interest of the organization. UPMC initiated a project in June 2004 to comply with the key components of SOX. Among the activities included in this project are:
- Identification of the key business operations and locations for inclusion
- Development of an entity-wide ICOFR documentation program
- Completion of a pilot ICOFR documentation project
- Initiation of ICOFR documentation within the key business operations and locations
- Initiation of a gap analysis over the ICOFR documentation components
Within the not-for-profit industry segment, UPMC is leading the way in adopting the requirements of SOX. Many organizations have begun to realize the value to be gained through an assessment of internal controls over financial reporting. In fact, organizations such as UPMC see it as making good business sense. However, while others have waited, UPMC decided it was time to act.