Standards Comparison

    SOX

    Mandatory
    2002

    U.S. regulation for financial reporting controls

    VS

    GRI

    Voluntary
    2016 (Universal Standards revised 2021)

    Global framework for sustainability impact reporting

    Quick Verdict

    SOX mandates internal controls over financial reporting and personal CEO/CFO certifications for U.S. public companies, enforced by the SEC and PCAOB, with criminal penalties for false certification and record tampering. GRI provides voluntary standards for sustainability impact reporting that any organization worldwide can adopt; it rests on impact materiality and carries no legal enforcement of its own.

    Financial Reporting

    SOX

    Sarbanes-Oxley Act of 2002

    Cost
    €€€€
    Complexity
    Medium
    Implementation Time
    12-18 months

    Key Features

    • Mandates ICFR assessment and auditor attestation
    • Requires CEO/CFO personal financial certifications
    • Establishes PCAOB for audit firm oversight
    • Enforces auditor independence, including audit partner rotation (Section 203)
    • Imposes criminal penalties for record destruction or alteration and for false certifications

    Sustainability Reporting

    GRI

    Global Reporting Initiative (GRI) Standards

    Cost
    €€€€
    Complexity
    High
    Implementation Time
    12-18 months

    Key Features

    • Modular Universal, Sector, Topic Standards architecture
    • Impact-centric materiality assessment process (GRI 3)
    • Mandatory GRI Content Index for traceability
    • Value chain and supplier impact disclosures
    • Standardized metrics for benchmarking economic, environmental and social performance

    Detailed Analysis

    A comprehensive look at the specific requirements, scope, and impact of each standard.

    SOX Details

    What It Is

    The Sarbanes-Oxley Act of 2002 (SOX) is a U.S. federal statute regulating public company financial disclosures and governance. Enacted after the Enron and WorldCom accounting scandals, it protects investors by requiring accurate financial reporting. SOX takes a risk-based, control-oriented approach centered on internal control over financial reporting (ICFR).

    Key Components

    • 11 Titles: PCAOB oversight (Title I), auditor independence (Title II), corporate responsibility and certifications (Title III), enhanced financial disclosures (Title IV), fraud accountability and penalties (Titles VIII-XI).
    • Core sections: 302 and 906 (CEO/CFO certifications), 404(a) (management's ICFR assessment) and 404(b) (auditor attestation of ICFR).
    • SOX does not prescribe a control framework; in practice ICFR is assessed against the COSO Internal Control - Integrated Framework.
    • Annual compliance cycle with management reports and external audits.

    Why Organizations Use It

    • Mandatory for U.S. public issuers; smaller reporting companies and non-accelerated filers are exempt from the Section 404(b) auditor attestation, not from SOX itself.
    • Mitigates fraud, enhances trust, lowers capital costs.
    • Drives governance maturity, M&A readiness.
    • Builds stakeholder confidence via transparency.

    Implementation Overview

    • Top-down, risk-based scoping, then control documentation, testing, and ongoing monitoring.
    • Key activities: control design, IT general controls (ITGC) over financially relevant systems, remediation of identified deficiencies.
    • Applies to public companies; effort scales with company size and complexity.
    • Section 404(b) attestation by a PCAOB-registered audit firm is required for accelerated and large accelerated filers.

    GRI Details

    What It Is

    The GRI Standards (Global Reporting Initiative Standards) form a modular framework for sustainability reporting. They enable organizations worldwide to disclose significant economic, environmental, and social impacts through an impact-centric materiality approach, prioritizing actual and potential effects on stakeholders over purely financial concerns.

    Key Components

    • Universal Standards (GRI 1: Foundation, GRI 2: General Disclosures, GRI 3: Material Topics): baseline for all reports.
    • Sector Standards: industry-specific material topics (e.g., Oil & Gas, Mining).
    • Topic Standards: metrics for issues such as emissions (GRI 305), waste (GRI 306), occupational health and safety (GRI 403).
    • Reporting principles (accuracy, balance, clarity, comparability, completeness, sustainability context, timeliness, verifiability) underpin "in accordance" and "with reference" claims and the mandatory GRI Content Index; GRI does not certify reports.

    Why Organizations Use It

    • Regulatory alignment (e.g., EU CSRD) and risk mitigation.
    • Enhances comparability, benchmarking, and stakeholder trust.
    • Drives governance of sustainability impacts and supply chain due diligence.
    • Supports strategic decisions for investors, communities, executives.

    Implementation Overview

    Phased: governance setup, materiality assessment (GRI 3), data systems, disclosures, Content Index. Applies to all sizes/sectors globally; requires cross-functional teams, training, assurance readiness.

    Key Differences

    Scope

    SOX
    Financial reporting internal controls
    GRI
    Sustainability impacts on economy, environment, people

    Industry

    SOX
    US public companies, auditors
    GRI
    All organizations worldwide, any sector

    Nature

    SOX
    Mandatory US federal law
    GRI
    Voluntary global reporting standards

    Testing

    SOX
    Annual ICFR audits by PCAOB-registered auditors
    GRI
    Self-assessed materiality and disclosures; external assurance optional

    Penalties

    SOX
    Criminal fines, imprisonment for executives
    GRI
    No legal penalties, reputational risk

