The effect of the Sarbanes–Oxley Act of 2002 (SOX) has been dramatic and global. SOX enhanced the regulatory framework for investor protection and confidence.
SOX has required or encouraged a variety of best practices related to management accountability, auditor independence, audit committees, internal control reporting, risk management, and improvement of financial processes.
One of the important contributions of the regulatory guidance is the “top-down risk-based assessment,” a robust framework for identifying and assessing financial reporting risks.
Compliance approaches, benefits, and costs continue to evolve as practice and regulatory guidance change.
The Sarbanes–Oxley Act of 2002 was passed in the context of a series of high-profile corporate scandals, a brief recession, and the events of 9/11. These factors were cited by President George W. Bush as a threat to investor confidence and the US economy overall. He also declared: “This law says to every dishonest corporate leader: you will be exposed and punished; the era of low standards and false profits is over; no boardroom in America is above or beyond the law.”1
US Senator Paul Sarbanes stated that during the development of the law, a series of Senate hearings with experts from business, government, and academia resulted in a “remarkable consensus on the nature of the problems.”2 These included inadequate oversight of the accounting profession, conflicts of interest involving auditors and stock analysts, weak corporate governance procedures, inadequate disclosure rules, and insufficient funding for the Securities and Exchange Commission (SEC).
The SOX law, corresponding guidance from regulators, and evolving approaches to implementation have resulted in a variety of internal control, risk management, and corporate governance best practices.
Hold Management Accountable
The law requires that the CEO and CFO sign certifications quarterly and annually attesting that they have reviewed the financial statements and (to their knowledge) believe them to be fair, accurate, and complete. Penalties for fraudulent certification are severe. This requirement has encouraged such best practices as:
Disclosure committees: A cross-functional group of top-level managers that meets to discuss pending public disclosures, including quarterly and annual financial reporting.
Representation letters: To support the certification by the CEO and CFO and ensure that material information is made known to them, a variety of senior finance and operations managers sign representation letters regarding financial reporting matters relevant to their areas of responsibility.
Improvement of finance organization: Many companies expanded the number and quality of financial personnel, particularly with respect to US Generally Accepted Accounting Principles and SEC reporting requirements.
- Page 1 of 6
- Next section Maintain Auditor Independence