The American Competitiveness and Corporate Accountability Act of 2002, commonly known as the Sarbanes-Oxley Act, or “Sox” for short, was signed into law on July 30, 2002. The Act was passed in response to several corporate scandals (think Enron) and was intended to rebuild public trust in the corporate sector.
Although most provisions of Sarbanes-Oxley apply only to public companies, at least two provisions apply to nonprofit organizations: provisions prohibiting retaliation against whistleblowers and prohibiting the destruction, alteration or concealment of certain documents or interference with investigations.
Because of this, even small, nonpublic or nonprofit businesses and organizations should have what is commonly called a whistleblower policy as well as a document retention/destruction policy.
A whistleblower policy is what it sounds like… a policy that encourages individuals to “blow the whistle” on suspected illegal or unethical behavior within the organization that they are employed by, and the process that they should follow to report the suspected violations. It should include a promise of non-retaliation against the whistleblower (i.e. that the organization will not take any action against that person for coming forward to report the perceived violation), as well as a promise to investigate the alleged behavior and correct it if found to be valid. This policy should be included in the employee handbook (assuming there is one), or made available to all employees in some other manner (e.g. posting on an internal bulletin board).
The document retention/destruction policy is a listing of records to be retained for what period of time, to meet standard auditing requirements and regulatory requirements. It should specify that records are not to be destroyed which pertain to matters that are being litigated or are expected to be litigated, as well as documents that pertain to matters under investigation by a governmental entity.
Even if these policies were not required to be present under “Sox”, it makes sense to have them in maintaining a compliant organization and one that fosters a positive image in the eyes of customers, donors, investors and the general public.