
Find out what SOX means for US nonprofits

After the well-publicized corporate scandals of Enron, Tyco and WorldCom in the early 2000s, the U.S. Congress passed the Sarbanes-Oxley Act of 2002 (SOX). With its focus on significantly improving corporate transparency and accountability, you might wonder what SOX has to do with nonprofits.

As it turns out, the answer is plenty.

There are two key elements of SOX that impact nonprofit governance directly: document retention and destruction guidelines and whistleblower protection. And while not explicitly directed at nonprofits, a number of other articles in SOX warrant a closer look.

Document retention and destruction guidelines

Most SOX provisions are directed only to U.S. corporations that report under the Securities and Exchange (SEC) Act of 1934. Still, the document retention and destruction guidelines apply to a broader span of corporate entities, including nonprofits. It's worth noting the precise wording of the law on this point:

"Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States ... shall be fined under this title, imprisoned not more than 20 years, or both."

The penalty is stiff for not complying with the law. But how do you ensure that you're retaining documents in good faith? Although there are no explicit document retention schedules in SOX, a number of organizations have come up with guidelines for nonprofits — including the Charities Review Council, the American Institute of CPAs and various state nonprofit councils.

General document retention guidelines are as follows:

  • Keep these documents permanently: documents related to the organization's incorporation and ongoing compliance with the IRS, tax documents, annual audits and year-end financial statements, payroll records, insurance policies, real estate deeds and board minutes
  • Keep these documents for seven years: accounts payable and receivable records, general ledgers and journals, expired contracts and agreements, accident reports and withholding tax statements
  • Keep these documents for three years: employment applications, timesheets and general correspondence

Whistleblower protection

SOX provides straightforward whistleblower protection for SEC corporations and nonprofits alike. Any person who offers evidence of known or suspected legal wrongdoing is protected from retaliation, including employment termination. The penalty for retaliation is a fine and/or a prison sentence of up to 10 years.

Voluntary compliance with broader goals of the law

Even though most SOX provisions aren't applicable to nonprofits, a growing number of states have enacted their own legislation that makes nonprofits more accountable for their financial and governance structures.

California, for example, enacted legislation that requires nonprofits with revenues of $2 million or more to conduct independent audits — a key requirement of SOX for SEC corporations. On top of that, these same nonprofits must have executive compensation reviewed and approved by their trustees to ensure reasonable compensation levels. Several other states have passed similar laws.

If your state isn't among those that have enacted laws that answer to the broader goals of SOX, it's still a good idea to align your organization's practices with the spirit of the law. You might:

  • Increase oversight of financial reporting. Have your CFO and CEO sign off on any financial documents and verify accuracy and timeliness of filings.
  • Hire an independent auditor for annual financial audits. To take it a step further, consider changing external auditors every five years or forming an audit committee for this purpose.
  • Draft a strong conflict of interest policy. Once in place, consistently enforce the policy.
  • Guard against self-dealing. For example, refrain from making loans to board members.
  • Make your financial operations as transparent as possible. Make all financial audits and other related documents freely and easily available to the public. Many organizations choose to publish this information on their websites.

Supporting transparency and accountability around financial practices and organizational governance shows trustworthiness and professionalism to volunteers, donors and other stakeholders.

This article draws on the expertise of Grace Davies, a Minneapolis-based attorney with special interest in product liability, medical malpractice and employment discrimination.



MissionBox editorial content is offered as guidance only, and is not meant, nor should it be construed as, a replacement for certified, professional expertise.






Librarian, freelance researcher and nonprofit enthusiast