The voluntary application of SOX to associations is the number one topic according to a recent survey of Association issues. SOX has been in the news recently as a result of a GAO report and an SEC report on its effect on small companies. See www.sec.gov and www.gao.gov. Senator Demint of South Carolina has also introduced legislation to help small companies comply with SOX. It is also effecting the transatlantic merger of the NYSE and Euronext as European Governments express concern over incurring SOX requirements. See NYT of June 15,2006 at page C1. As desirable as it is, the costs associated with SOX audits are prohibitive for smaller associations but may be very effective for larger associations. The focus of concern has been on the section 404 requirement that includes a self assessment of internal controls and an auditor’s certification of that self assessment. The costs of those audit certifications have been much higher than expected but are going down as firms and auditors gain experience. The directors of an association may find it comforting to have such audit comfort but at what cost?

Public companies are required to comply with SOX but voluntary compliance is something not much discussed. There are two elements to the cost of such a voluntary audit. The first is the actual work done in reviewing the firm’s controls but the second is the attendant liability for the auditors. While we can assume it is less than for a public company, it does expose the auditor to all the association members and the government authorities if they are found negligent. The association’s officers and directors should assess whether voluntary SOX is the most efficient way to assure internal controls. There are many critics in the corporate accounting sector who do not like SOX especially as applied to small companies. They contend there are no realistic frameworks for the internal control audits because the COSO model is not adequate and its applicability to associations, especially smaller associations is even more questionable. Plexus believes that management together with their accountants can learn some lessons from SOX without being SOXED.

Internal controls have been around for a long time in the public sector and for financial institutions. They are an internal set of guidelines designed to insure that a firms books and records remain sacred. They can be as simple as a check disbursement policy or as complex as policies on the privacy of company records. An association that takes in member funds must insure that those funds are properly used and accounted for. There must be internal checks on management’s disbursal of the funds and an internal audit department is important, as is an independent audit committee. Control of management travel and entertainment expense is vital as is the audit of all contracts. Hiring consultants to independently assess the association’s internal controls mat be useful. The key though is substance over form. In today’s environment any suggestion of the misuse of member funds will result in aggressive including criminal prosecution. If you can afford a real SOX audit you should consider one. If you can’t afford one an aggressive internal assessment is a good alternative. If you think nothing is required you are placing your professional career in jeopardy.

Peter J. Chepucavage, Esq. is a corporate attorney at Plexus Consulting Group, LLC, Washington, D.C.

E-mail: pchepucavage@plexusconsulting.com.