What is Sarbanes-Oxley Act (SOX)?

Definition of the Sarbanes-Oxley Act (SOX) 

On July 30, 2002, the Sarbanes-Oxley Act of 2002 (SOX) was signed into law by President George W. Bush. The Sarbanes-Oxley Act was named so because it was introduced by Senator Paul S. Sarbanes and House Representative Michael G. Oxley.

This Act was intended to improve financial reporting practices. The SOX provisions, however, apply only to public companies and public accounting firms that audit financial statements of public companies.

The SOX Act is organized into eleven (11) titles, which are listed below:

#	Title	Some Provisions
I	Public Company Accounting Oversight Board (PCAOB)	Establishes PCAOB. Outlines PCAOB responsibilities.
II	Auditor Independence	Dictates auditor independence standards, including: Services outside the scope of practice of auditors Audit partner rotation Auditor reports to audit committees Conflicts of interest Rotation of registered public accounting firms
III	Corporate Responsibility	Establishes responsibilities of public company audit committees. Establishes corporate responsibility for financial reports. Establishes officer and director bars and penalties. Prohibits improper influence on conduct of audits. Prohibits insider trading during pension fund black-out periods.
IV	Enhanced Financial Disclosures	Enhances financial disclosure requirements, including: Management assessment of internal controls Disclosures in periodic reports Disclosures of transactions involving management and principal stockholders Conflict of interest provisions
V	Analyst Conflicts of Interest	Discusses the treatment of securities analysts by registered securities associations and national securities exchanges.
VI	Commission Resources and Authority	Outlines resources and authority of the Securities and Exchange Commission (SEC).
VII	Studies and Reports	Discusses such studies as: GAO study and report regarding consolidation of public accounting firms Commission study and report regarding credit rating agencies Study and report on violators and violations Study of enforcement actions Study of investment banks
VIII	Corporate and Criminal Fraud Accountability	Establishes such provisions as: Criminal penalties for altering documents Criminal penalties for defrauding shareholders of publicly traded companies Statute of limitations for securities fraud Protection for employees of publicly traded companies who provide evidence of fraud Debts non-dischargeable if incurred in violation of securities fraud laws
IX	While-Collar Crime Penalty Enhancements	Discusses increased penalties for while-collar crimes, including: Criminal penalties for mail and wire fraud Criminal penalties for violations of the Employee Retirement Income Security Act of 1974 (ERISA)
X	Corporate Tax Returns	Requires corporate tax returns to be signed by the chief executive offer (CEO).
XI	Corporate Fraud and Accountability	Establishes enhanced regulation of general corporate fraud, including: Tampering with a record or otherwise impeding an official proceeding Authority of the Commission to prohibit persons from serving as officers or directors Increased criminal penalties under Securities Exchange Act of 1934 Retaliation against informants

SOX provision examples – part one 

 Public Company Accounting Oversight Board (PCAOB): the SOX Act establishes PCAOB, an independent board with standard setting and disciplinary authority. The Board consists of five (5) members: two (2) CPAs and three (3) non-CPAs.

Auditor Independence: the Act addresses auditor independence-related issues. It prohibits auditors of public companies from performing contemporaneously (i.e., at the same time) such non-audit services as:

• Actuarial
• Appraisal and valuation
• Bookkeeping
• Expert and legal services unrelated to the audit
• Financial information system design and implementation
• Human resources function
• Internal audit outsourcing
• Investment banking and advising by a broker/dealer
• Management function

Registered public accounting firms are required to rotate audit lead and review partners every five (5) years, or earlier. Audit partners are also not allowed to return, after rotation, to audit services with the same client within five (5) years.  To avoid conflict of interest, the Act prohibits an audit of a company if its executive (e.g., CEO, CFO, controller, etc.) was employed by the auditing firm and participated in the audit of the firm during the one (1) year period before the start of the audit.

Corporate Responsibility: in accordance with the Act, in order to be listed on national securities exchanges (e.g., NYSE, AMEX, NASDAQ) and national securities associations, public companies are required to comply with audit committee requirements, which include the following:

• Each member of the audit committee of the public company must be independent.
• The audit committee must be directly responsible for the appointment, compensation, retention, and oversight of the public accounting firm performing the audit. The auditors must directly report to the audit committee.
• The audit committee must establish procedures for receiving and processing complaints regarding auditing matters, including accounting and internal controls.
• The audit committee must have the authority to engage independent counsel.
• The public company must fund the audit committee. 

 
If a public company doesn’t have an audit committee, the board of directors can perform the function of an audit committee, provided the board meets all the requirements. Also, the Act has some exemptions from the audit committee requirement: parent-subsidiary, multiple listing, IPO, and foreign private issuer (e.g., foreign government, board of auditors, shareholder representative, and non-management employee).
The Act prohibits directors and officers and any person acting under the direction of an officer or director to influence the auditor though coercion, manipulation, misleading actions, or fraud - if that person knew or should have known that such actions could make the financial statements materially misleading. An individual can be considered a director or officer regardless of his or her title: it depends on the function of the individual in the organization.

SOX provision examples – part two 

 Enhanced Financial Disclosure: in accordance with the SOX Section 404, company’s management must create and maintain adequate internal controls over financial reporting and must present its assessment of the internal controls. Annual reports filed with the SEC must be accompanied by the management’s statement regarding the effectiveness of the internal controls. The company’s auditor must also attest to the management’s assessment of the company’s internal controls.

Public companies are required to disclose off-balance sheet transactions, arrangements, obligations, and other relationships with unconsolidated entities or other persons that may have a material current or future effect on:

• Financial condition
• Change in financial condition
• Results of operations
• Liquidity
• Capital expenditures
• Capital resources
• Significant components of revenues or expenses

Off-balance sheet arrangements include obligations under certain guarantee contracts, obligations under certain derivative instruments, a retained or contingent interest, and a material variable interest.
Corporate and Criminal Fraud Accountability: the Act requires auditors to retain audit and review records for seven (7) years after the completion of the audit or review of financial statements. Auditors must retain records that contain financial data, analysis, opinions, and conclusions that are related to audit or review as well as records sent or received in connection with the audit or review.


The Act establishes significant fines and penalties for corporate and criminal fraud. For instance, a failure by an auditor to properly maintain audit and review workpapers for at least five (5) years from the end of the fiscal year the audit or review was performed could result in fines and/or imprisonment of ten (10) years, or less. In accordance with the Act, "whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence" federal investigation or bankruptcy could face significant fines and/or imprisonment of not more than 20 years.

White-Collar Crime Penalty Enhancements: according to the Act, mail fraud, wire fraud, or false (willful) certification of financial reports could be punished with a fine of no more than $5 million or the imprisonment of up to 20 years, or both.

Corporate Fraud and Accountability: the Act gives the Securities and Exchange Commission a right to prohibit persons from serving as officers or directors of public companies that are registered pursuant to section 12 or that file reports pursuant to section 15(d). The Act also establishes increased criminal penalties under Securities Exchange Act of 1934 as well as whistleblower protection: retaliation against informants could be punished with a fine or imprisonment of no more than 10 years, or both