Sarbanes-Oxley Act and corporate compliance requirements

Sarbanes-Oxley Act

Prior to the enactment of the Sarbanes-Oxley Act (SOX) several large corporate accounting scandals had plagued corporate America. Of these, the most publicized were Enron, WorldCom and Tyco. These events rocked the financial world to the core, shaking investor confidence, and highlighting several significant problems in the accounting industry. In response, SOX was created to put tighter controls on public corporations, with the creation of the Public Company Accounting Oversight Board (PCAOB) and covering issues including: corporate governance, auditor independence, internal controls, and enhanced financial disclosure.

The Events Leading up to Sarbanes-Oxley:

The Enron Corporation scandal revealed fraudulent accounting procedures that caused the company's stock to plummet and forced the company into bankruptcy. The fallout from this negatively affected everyone from employees to investors to the investment world in general, as confidence in corporate America was damaged.

Yet, as Lucci notes, the damage didn't just end with Enron. "Financial scandals involving WorldCom, Qwest, Global Crossing, Tyco, and Enron ultimately cost shareholders $460 billion."

Because of these scandals, companies were forced to change the way they did business, to restore investor confidence. Organizations found themselves spending additional money on annual financial reviews, as opposed to the previous trend of keeping audit costs low.

Companies desperate to prove their financial worth and integrity began to go beyond the new legal requirements and set internal control standards more stringent than ever before (Lucci).

The accounting profession, as a whole, had suffered a blow to their credibility. With leading auditing firms, like Arthur Andersen, coming to their end thanks to their part in the Enron scandal, it cast a black cloud over the entire industry (Lucci).

With investor trust in corporations at a significant low, and the industry charged with financial reporting, an investor watchdog of sorts, under question, something had to be done.

Congress responded with the enactment of SOX, in 2002.

As Lucci states, SOX "has been called 'the most significant legislation governing U.S. securities markets since the 1930s'." In an uncommon feat of congressional agility, SOX became law a short seven months after Enron's filing for bankruptcy.

Introduced into Congress in July 2002, it was signed into law by the President by the end of the same month.

SOX Overview:

SOX was created to "crack (...) down on all the Enron - WorldCom - Global Crossing chicanery" (qtd. Lucci) and set stiff criminal penalties for violators of its provisions.

Although created to restore investor confidence, SOX also but corporate executives on notice. Penalties for violating SOX include: lengthy prison sentences and significant fines, if there are discrepancies found in their financial records, indicating fraud, following certification ("H.R. 3763").

There were many significant regulatory changes, with the enactment of SOX, for public corporations operating in America. With its passing, SOX now sets corporate governance as partially a function of federal legislation, removing it from the province of state legislatures.

In addition, Lucci surmises that SOX also greatly impacted the accounting and legal professions. Prior to SOX, the accounting profession enjoyed the freedom of self-regulation and the legal profession would now be required to make 'noisy withdrawals' when corporate executives left accounting errors uncorrected, as opposed to their previous life of client privilege.

Provisions of SOX:

There are fifteen major provisions, in SOX, according to Collins. These address a variety of areas. Companies are required to maintain detailed financial records. All audit or review work papers must be kept for five years, with auditors required to keep documentation for seven years. It is a felony should documents be destroyed in a federal or bankruptcy investigation, the penalty being up to 20 years in prison. The statute of limitation for the discovery of fraud is increased to two years from discovery date and five years following the act. Criminal penalties for securities fraud was increased to 25 years, by SOX.

Each public company's CEO and CFO must certify financial statements and reports. Personal loans are banned, to executive officers and company directors, with the enactment of SOX. It is also now required to accelerate reporting of insider trading ("H.R. 3763").

In addition, SOX now prohibits insider trading during pension fund blackouts. Compensation and profits for the CEO and CFO must be made public.

Auditor independence is now specifically required. and, American companies must have an internal audit function, that is certified by external auditors. Audit firms are prohibited from providing services, unrelated to their audit work, to clients. One of the most important provisions is an increased accountability, holding CEOs and directors accountable, for crimes of the organization, even if they had no knowledge of the crime. and, lastly, SOX provides provisions to protect corporate whistleblowers ("H.R. 3763"; Collins).

Major Impacts on Accounting Information Systems of SOX:

SOX deems management accountable for the accuracy of their financial reporting, as noted above. Beard and Wen note,

Management is expected to establish, evaluate, monitor, and provide written assessments of internal controls, which include policies and procedures that -- pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and disposition of the assets of the registrant, provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the registrant are being made only in accordance with authorization of management and directors of the registrant; and provide reasonable assurance regarding the prevention or timely detection of any unauthorized acquisition, use, or disposition of the registrant's assets that could have a material effect on the financial statements.