Two provisions of SOX do actually apply to nonprofits as mandatory legal requirements (rather than optional best practices). These two provisions of the law include adopting the following:
Whistle-blower policies: Because of SOX, boards of nonprofit organizations are required to develop formal procedures for handling complaints about financial misdeeds within the organization. They’re also required to prevent retaliation against those who come forward to report these misdeeds. Under the law, nonprofits are also required to make sure that complaints are investigated. They must document that corrective actions have been taken.
Whistle-blower policies: Because of SOX, boards of nonprofit organizations are required to develop formal procedures for handling complaints about financial misdeeds within the organization. They’re also required to prevent retaliation against those who come forward to report these misdeeds. Under the law, nonprofits are also required to make sure that complaints are investigated. They must document that corrective actions have been taken.
Document retention and destruction policies: SOX requires nonprofit organizations to have written, mandatory document-retention and periodic-destruction policies that include guidelines for electronic files and voicemail. The policies must specify that if official investigation is contemplated, those who destroy documents that are relevant to the investigation will be subject to stringent criminal penalties. If you even suspect any illegal activity, stop the document shredders immediately in order to avoid criminal obstruction.
