SOX Financial Reporting Compliance Checklist
Last updated: 2026-04-08 — ComplianceStack Editorial Team
SOX Sections 302, 404, and 906 impose overlapping obligations on public company financial reporting — and the consequences of non-compliance include criminal prosecution, SEC enforcement, and shareholder litigation. The average cost of a financial restatement for a mid-cap public company exceeds $2.5 million in direct costs alone, before accounting for market cap loss. This checklist covers the 18 financial reporting requirements that define a defensible SOX program, from quarterly certifications through annual ICFR assessments.
SOX Compliance Checklist for Financial Reporting
Establish a Disclosure Committee with documented charter and membership
The Disclosure Committee is responsible for reviewing all SEC filings, earnings releases, and other public disclosures for accuracy and completeness. Membership should include CFO, General Counsel, Controller, IR Director, and key business unit heads. Document the committee charter, meeting schedule, and voting procedures. Meeting minutes must be retained as evidence of the CEO/CFO certification process.
Implement disclosure controls and procedures (DC&P) over all SEC filings
DC&P covers the processes that ensure information required to be disclosed in SEC reports is recorded, processed, summarized, and reported within the time periods specified. The CFO and CEO must separately evaluate DC&P effectiveness each quarter. Document the evaluation, including what information was reviewed, who participated, and the conclusion reached.
Execute Section 302 certifications with full supporting sub-certification chain
CEOs and CFOs certify quarterly and annually that: (1) the filing contains no material misstatements or omissions; (2) financial statements fairly present financial condition; (3) they are responsible for establishing and maintaining DC&P and ICFR; (4) they have disclosed all significant deficiencies and material weaknesses to the Audit Committee. Support each certification with sub-certifications from process owners. False certifications carry criminal penalties up to 20 years.
Complete Section 404(a) management assessment of ICFR and include in annual 10-K
Management must assess ICFR effectiveness as of fiscal year-end and include that assessment in Item 9A of the 10-K. The assessment must identify the framework used (COSO 2013), state the scope of the evaluation, disclose any material weaknesses identified, and conclude on overall ICFR effectiveness. The SEC has brought enforcement actions for vague or unsupported ICFR conclusions.
Coordinate Section 404(b) external auditor attestation (accelerated filers)
Accelerated filers (public float ≥ $75 million) must have their external auditor attest to and report on management's ICFR assessment. Non-accelerated filers are exempt. Engage your auditor early in Q3 to align on scope, testing approach, and timeline. Material weaknesses identified by the auditor that management did not identify independently signal a deficiency in the management assessment process itself.
Maintain a continuous disclosure monitoring process for 8-K triggering events
Current report triggers include: material definitive agreements, bankruptcy, amendments to code of ethics, departure of directors/officers, amendments to charter/bylaws, and unregistered securities sales. Review the complete list of 8-K triggers (Form 8-K general instructions) at least annually and assign a business owner responsible for monitoring each category. Most 8-K events must be filed within four business days.
Establish and test a financial restatement protocol
Document the process your company will follow if a restatement becomes necessary: materiality assessment, engagement of external counsel, Audit Committee notification, SEC filing procedures (NT 10-K/10-Q, then amended filing), and investor communication. Test the protocol annually in tabletop exercises. Companies without a documented protocol take longer, and spend more, to complete a restatement.
Implement and evaluate controls over non-GAAP financial measures
Non-GAAP measures (Adjusted EBITDA, free cash flow, etc.) are subject to SEC Regulation G and Compliance & Disclosure Interpretations. Controls must ensure: (1) reconciliation to the most directly comparable GAAP measure; (2) equal or greater prominence for GAAP measures; (3) no presentation of non-GAAP per share liquidity measures. Include non-GAAP controls in your DC&P evaluation.
Maintain controls over earnings guidance and forward-looking statements
Earnings guidance and forward-looking statements must include meaningful cautionary language referencing actual risks that could cause results to differ (not boilerplate). The Disclosure Committee should review all guidance for accuracy and completeness. Document the basis for guidance assumptions, including sensitivity analysis for key variables. Maintain records of guidance approval.
Conduct quarterly management review of significant estimates and judgments
Significant accounting estimates (goodwill impairment, revenue recognition, pension assumptions, loss contingencies, stock-based compensation) require documented management review at each period end. Review should assess whether assumptions remain appropriate given current conditions, whether the estimate falls within a reasonable range, and whether disclosure adequately explains the sensitivity of the estimate.
Document legal entity reconciliation and intercompany elimination controls
Consolidation controls are a frequent source of material misstatement. For each legal entity, document the trial balance review process, the intercompany elimination process, and the controls over foreign currency translation. Validate that eliminations are complete (no intercompany balances remaining) and that translation rates are applied consistently.
Establish tax provision review controls and coordinate with external tax advisors
The tax provision is consistently one of the most complex estimates on the income statement. Controls must cover: current and deferred tax calculations, uncertain tax positions (ASC 740-10), valuation allowances, effective tax rate analysis, and schedule M adjustments. Significant changes in tax law (like TCJA or Pillar Two) require immediate reassessment of existing controls.
Implement controls over related-party transaction identification and disclosure
All related-party transactions must be identified, evaluated for disclosure, and approved through the appropriate approval process. Controls should require all officers and directors to certify related-party relationships at least annually. Related-party transactions that are material or unusual must be disclosed in the notes. The Audit Committee must review all related-party transactions under most governance frameworks.
Review debt covenant compliance and disclose going concern considerations
Debt covenant compliance must be monitored continuously, not just at reporting dates. Establish a covenant tracker updated by Treasury monthly with threshold alerts. If a covenant violation is probable within 12 months, assess going concern disclosure requirements under ASC 205-40. Failure to disclose probable covenant violations is a material misstatement.
Maintain a comprehensive subsequent events review through filing date
Events between fiscal year-end and the filing date must be evaluated for recognition or disclosure under ASC 855. Assign a process owner responsible for collecting subsequent event information from all business units. Establish a cutoff procedure — typically two to three business days before filing — for receiving subsequent event information. Document the review and retain evidence.
Validate XBRL/iXBRL tagging against financial statements before SEC filing
Inline XBRL is required for all domestic registrants filing 10-K, 10-Q, and 8-K financial statements. Controls must verify that XBRL tags match the face of the financial statements, that custom tags are used only when no standard tag exists, and that the iXBRL viewer renders correctly. XBRL errors trigger SEC comment letters and can delay acceptance of filings.
Conduct annual Regulation FD training for officers, employees, and IR staff
Regulation FD prohibits selective disclosure of material nonpublic information. Train all personnel who interact with investors, analysts, or journalists on what constitutes material information, how to respond to inquiries about non-public topics, and how to escalate potential FD issues. Document training attendance. Companies have paid multi-million dollar SEC penalties for individual employee Reg FD violations.
Archive all SEC filings, supporting documentation, and communication for seven years
SOX Section 802 makes it a federal crime to knowingly alter, destroy, or conceal documents relevant to an SEC investigation. Maintain a document retention policy with a seven-year minimum for all audit-related records, financial statements, certifications, sub-certifications, and correspondence with external auditors. Ensure litigation hold procedures can be activated within 24 hours.
Frequently Asked Questions
What is the difference between SOX Section 302 and Section 404?
Section 302 requires CEOs and CFOs to certify quarterly that they have reviewed the filing, it does not contain material misstatements, the financial statements fairly present the company's condition, and they are responsible for establishing and evaluating disclosure controls and procedures. Section 404 requires annual management assessment of internal control over financial reporting effectiveness, and for accelerated filers, an external auditor attestation. The 302 certification covers DC&P quarterly; the 404 assessment covers ICFR annually.
Who is required to sign SOX Section 302 certifications?
Section 302 certifications must be signed by the principal executive officer (CEO) and the principal financial officer (CFO) of the company. This cannot be delegated to anyone else, including the Chief Accounting Officer or Controller. If the CEO or CFO role is temporarily vacant, the acting or interim CEO/CFO must sign. Foreign private issuers filing on Form 20-F face equivalent requirements under Exchange Act Rules 13a-14 and 15d-14.
What are the criminal penalties for false SOX certifications?
Under SOX Section 906, any officer who certifies a periodic report knowing it does not comport with all requirements of the securities laws faces up to 10 years imprisonment and $1 million in fines. If the officer willfully certifies a false report, the penalty increases to up to 20 years imprisonment and $5 million in fines. Under Section 1107, retaliating against a whistleblower carries up to 10 years imprisonment. These are personal criminal penalties — they cannot be indemnified by the company.