Not just for public companies: 5 ways SOX can help high-growth startups
SOX compliance may seem like a dry topic, but this crucial step on the road to going public can be transformational for high-growth companies — if they approach it in the right spirit.
First, some background. The Sarbanes-Oxley Act of 2002 established new requirements for public companies designed to surface errors in financial reporting that could distort financial statements and hurt investors in a public company. The law came in response to Enron and other accounting scandals and established real consequences for noncompliance, including jail time.
Preparing for SOX compliance is a necessary step for any startup seeking to go public (or to get acquired by a public company). But SOX compliance is more than just a series of hoops to jump through. This framework can help startups grow from adolescence into adulthood by mitigating the risk of costly errors, surfacing ways to make the business more efficient, and ultimately helping them understand their business more thoroughly.
Here are five ways SOX compliance can help a high-growth startup:
1. Making the business run more efficiently.
As part of the SOX compliance process, businesses have to go step by step through their business processes to identify places where serious errors could occur. Understanding business processes can help them identify ways (including new software tools) to make those processes more efficient.
I once worked with a company with more than 60 different cash and money market accounts. During the SOX compliance process, they discovered two different people were both reconciling those accounts manually every month. They eliminated that duplicated effort and automated part of that complicated process, freeing up an enormous amount of time for other work.
This process also minimizes opportunities for internal fraud, which can happen at companies of any size. Consider how easy it would be for two departments — say Receiving and Accounts Payable — to collude to steal money. If an invoice went missing with a corresponding missing item from the warehouse, nobody might ever know. Segregating those duties would surface that fraud faster.
2. Getting a more accurate picture of the health of a business.
When a business establishes consistent processes, the data it’s gathering about everything from sales to its tax bill becomes more accurate and thus more valuable. Controls drive consistency, and consistency drives benchmarks.
For example, instead of recording sales whenever a team has a minute to sit down and do it, they can establish a consistent process for recording sales at the moment a contract is signed. That consistency provides more accurate data for better decision-making and a clearer picture of long-term growth.
3. Finding better ways to assess employee performance.
Better benchmarks also create better performance assessments for teams. Measuring performance becomes less qualitative and more quantitative. Let’s take the sales team as an example again. Once a business has created a consistent process for recognizing sales — when a contract is signed or when payment is received — that eliminates the temptation for a team or individual to pull pending sales forward to beef up a lackluster quarter. The business knows every salesperson is recording their sales the same way, and when comparing performance across the team, the comparison is fair and accurate.
4. Making it possible to scale.
Small companies are driven by people. Big companies are driven by systems. When processes are informal, individuals can keep crucial information in their heads — like the VP of tax who knows every little thing about the company’s tax position. Without consistent, repeatable processes in place, that one VP can become a bottleneck for getting things done. Everything has to be run by her personally. And what happens when she leaves the company, wins the lottery, or gets hit by a bus?
Creating systems allows businesses to slot new people into key roles when necessary. If the business has clear systems and everything is documented, it’s much easier to grow a department quickly, because new people will be able to hit the ground running.
5. Starting the cultural shift from the startup mentality to the mature company mentality.
At one company we took through the SOX compliance process, the VP of tax got so fed up with the new paperwork requirements that he complained, "Do you want me to wear a GoPro and record everything I do?!"
The startup life isn’t for everyone, but the people who love it, love it — and some people who loved the all-night hackathons of the startup phase will find working in a more formal company tedious. Starting to establish the systems a public company will need early will help identify those people, and either change their minds or exit them. When the company eventually does go public (or gets acquired), everybody should be fully aligned and pulling in sync.
SOX compliance, as dry as it may seem, can help companies tackle those crucial people issues early, so they’re ready for their next phase of growth.
Daniel Kim, CPA, is co-founder and co-CEO of cloud audit management solutions company AuditBoard, and Ben Lindner, CISA, is manager of solutions advisory services at AuditBoard.