Navigate Up

Sarbanes-Oxley Compliance

The Sarbanes-Oxley (SOX) Act of 2002 represents landmark legislation in the world of corporate compliance, securities and capital markets, and overall organization governance and responsibility.

UPMC's voluntary compliance with the legislation marks the first nonprofit ever to meet these rigorous accounting rules intended for corporate America.

  • UPMC established formal governance over financial reporting and interaction with the Board of Directors, Audit Committee, and external financial auditors.
  • CEOs and CFOs certify quarterly whether the company’s financial statements are true, complete, and fairly stated.
  • CEOs and CFOs evaluate the effectiveness of the company’s disclosure controls and procedures each quarter and present their conclusions about the effectiveness in each quarterly and annual filing.
  • Management annually assess and assert to the effectiveness of the company’s internal controls and procedures for financial reporting.

This last requirement, known as Section 404, has had one of the largest impacts on corporations in America. Companies impacted have initiated projects to document, assess the gaps over, remediate, and test the internal controls over financial reporting (ICOFR). In addition, each company must assert as to its findings resulting from this process and that the ICOFR are adequate within the parameters established by the Public Company Accounting Oversight Board (PCAOB) and the Securities and Exchange Commission (SEC).

As a not-for-profit organization, UPMC is not required to comply with the regulations established by SOX. However, UPMC and its Board of Directors has determined that voluntary compliance with SOX is in the best interest of the organization. UPMC initiated a project in June 2004 to comply with the key components of SOX. Among the activities included in this project are:

  • Review of key financial reporting governance areas
  • Identification and strengthening of the corporate ethics program
  • Development of an entity-wide project plan to comply with SOX
  • Review of entity level controls that impact ICOFR
  • Initiation of the ICOFR evaluation program required by Section 404, including the following:
  • Identification of the key business operations and locations for inclusion
  • Development of an entity-wide ICOFR documentation program
  • Completion of a pilot ICOFR documentation project
  • Initiation of ICOFR documentation within the key business operations and locations
  • Initiation of a gap analysis over the ICOFR documentation components

Within the not-for-profit industry segment, UPMC is leading the way in adopting the requirements of SOX. Many organizations have begun to realize the value to be gained through an assessment of internal controls over financial reporting. In fact, organizations such as UPMC see it as making good business sense. However, while others have waited, UPMC decided it was time to act.

©  UPMC | Affiliated with the University of Pittsburgh Schools of the Health Sciences
Supplemental content provided by A.D.A.M. Health Solutions. All rights reserved.

For help in finding a doctor or health service that suits your needs, call the UPMC Referral Service at 412-647-UPMC (8762) or 1-800-533-UPMC (8762). Select option 1.

UPMC is an equal opportunity employer. UPMC policy prohibits discrimination or harassment on the basis of race, color, religion, ancestry, national origin, age, sex, genetics, sexual orientation, marital status, familial status, disability, veteran status, or any other legally protected group status. Further, UPMC will continue to support and promote equal employment opportunity, human dignity, and racial, ethnic, and cultural diversity. This policy applies to admissions, employment, and access to and treatment in UPMC programs and activities. This commitment is made by UPMC in accordance with federal, state, and/or local laws and regulations.

Medical information made available on UPMC.com is not intended to be used as a substitute for professional medical advice, diagnosis, or treatment. You should not rely entirely on this information for your health care needs. Ask your own doctor or health care provider any specific medical questions that you have. Further, UPMC.com is not a tool to be used in the case of an emergency. If an emergency arises, you should seek appropriate emergency medical services.

For UPMC Mercy Patients: As a Catholic hospital, UPMC Mercy abides by the Ethical and Religious Directives for Catholic Health Care Services, as determined by the United States Conference of Catholic Bishops. As such, UPMC Mercy neither endorses nor provides medical practices and/or procedures that contradict the moral teachings of the Roman Catholic Church.

© UPMC
Pittsburgh, PA, USA UPMC.com