The Sarbanes-Oxley Act of 2002, also known as the Public Company Accounting Reform and Investor Protection Act, responds to a number of high-profile corporate scandals involving Enron, WorldCom, Arthur Andersen and others. The (US) Act radically redesigned federal regulation of public company corporate governance and reporting obligations. It also significantly tightens accountability standards for directors and officers, auditors, securities analysts and legal counsel.
Related Links
- The Sarbanes-Oxley Act of 2002 [264KB]
- COSO Enterprise Risk Management Framework - Draft [2462KB]
- COSO Enterprise Risk Management Framework - Executive Summary [297KB]
The original guidelines
The original guidelines are clearly consistent with the Committee of Sponsoring Organizations (COSO) Framework for regulatory compliance and risk management. COSO requires risk assessments, a control-based environment, control-based activities, information and communication procedures, and a monitoring mechanism for the control environment.
The seven original guidelines are:
- Establish Procedures - companies must establish compliance standards and procedures to be followed by all employees.
- High-Level Oversight - at least one "high-level" individual must be assigned overall responsibility for compliance.
- Use Due Care - organizations must not delegate "substantial discretionary authority" to individuals who have engaged in illegal activities.
- Communicate Standards - organizations must communicate standards and procedures to all employees.
- Monitor - organizations must take "reasonable steps to achieve compliance" with their own standards.
- Enforce Consistently - standards must be enforced consistently through disciplinary mechanisms.
- Response And Prevention - organizations must take "all reasonable steps" to respond appropriately to violations, and must act to prevent similar offenses.
The new guidelines
The 10 recently released additional guidelines reinforce the recently updated risk management requirements specified by COSO. Their intention is to provide the US District Courts and legal counsel with a comprehensive set of high-level guidelines for adjudicating cases brought before them under the Sarbanes-Oxley Act in 2005.
The 10 new guidelines are:
- Tone At The Top - an organizational culture that encourages a commitment to compliance with the law;
- Conduct And Internal Control - standards of conduct and internal control systems that are reasonably capable of "reducing the likelihood of violations of law";
- Leadership Accountability - responsibilities of an organization's governing authority and organizational leadership for compliance;
- Resources And Authority - resources and authority for individuals with the responsibility for implementation of the program;
- History Of Violations - an objective requirement for determining if there is a "history of engaging in violations of law";
- Conduct Training - training and the dissemination of training materials and information within the definition of an "effective program";
- Evaluate Programs - "periodic evaluation of the effectiveness of a program" added to the requirement for monitoring and auditing systems;
- Whistleblower System - a mechanism for anonymous reporting;
- Encourage Employees - a system for employees not only to report actual violations, but to "seek guidance about potential" violations, in order to more specifically encourage prevention and deterrence of violations;
- Risk Assessment - ongoing risk assessments as part of the implementation of an "effective program."