Reprint: R0604J In the wake of a series of gross corporate abuses around the turn of the century, Congress passed Sarbanes-Oxley, which was intended to make corporate governance more rigorous, financial practices more transparent, and management criminally liable for lapses. The first year of implementation was costly and onerous, far more so than companies had been led to expect. In the view of a few open-minded firms, however, the second year of compliance turned out to be not only less costly and less onerous (as doing something for the second time usually turns out to be), but a source of valuable insights into operations, which management has translated into improved efficiencies and cost savings. The areas of improvement go well beyond technical statutory compliance. They include a strengthened control environment; more reliable documentation; increased audit committee involvement; better, less burdensome compliance with other statutory regimes; more standardized processes for IT and other functions; reduced complexity of organizational processes; better internal controls within partner companies; and more effective use of both automated and manual controls. The result is not only shareholder protection, the official purpose of the act, but also enhanced shareholder value. More than a year since the first deadline arrived, Sarbanes-Oxley still inspires fear—of enforcement actions, of the stock market’s reaction to a deficiency, and of personal liability. Fear can be a powerful generator of upstanding conduct. But businesses run on discovering and creating value. Companies need to start viewing Sarbanes-Oxley as an ally in that effort.
When Congress hurriedly passed the Sarbanes-Oxley Act of 2002, it had in mind combating fraud, improving the reliability of financial reporting, and restoring investor confidence. Understandably, most executives wondered why they should be subjected to the same compliance burdens as those who had been negligent or dishonest. Smaller companies in particular complained about the monopolization of executives’ time and costs running into the millions of dollars. A version of this article appeared in the April 2006 issue of Harvard Business Review.
The Sarbanes-Oxley Act of 2002 cracks down on corporate fraud. It created the Public Company Accounting Oversight Board to oversee the accounting industry. It banned company loans to executives and gave job protection to whistleblowers. The Act strengthens the independence and financial literacy of corporate boards. It holds CEOs personally responsible for errors in accounting audits. The Act is named after its sponsors, Senator Paul Sarbanes, D-Md., and Congressman Michael Oxley, R-Ohio. It's also called "Sarbox" or "SOX." The statute became law on July 30, 2002. The Securities and Exchange Commission (SEC) enforces it.
Many thought that Sarbanes-Oxley was too punitive and costly to put in place. They worried it would make the United States a less attractive place to do business. In retrospect, it's clear that Sarbanes-Oxley was on the right track. Deregulation in the banking industry contributed to the 2008 financial crisis and the Great Recession.
Section 404 requires corporate executives to certify the accuracy of financial statements personally. If the SEC finds violations, CEOs could face 20 years in jail. The SEC used Section 404 to file more than 200 civil cases, but only a few CEOs have faced criminal charges. Section 404 made managers maintain “adequate internal control structure and procedures for financial reporting.” Companies' auditors had to “attest” to these controls and disclose “material weaknesses.”
SOX created a new auditor watchdog, the Public Company Accounting Oversight Board. It set standards for audit reports. It requires all auditors of public companies to register with it. The PCAOB inspects, investigates, and enforces the compliance of these firms. It prohibits accounting firms from doing business consulting with the companies they are auditing. They can still act as tax consultants, but the lead audit partners must rotate off the account after five years.
SOX hasn't increased the competition in the oligarchic accounting industry, which is still dominated by the so-called Big Four firms: Ernst & Young, PricewaterhouseCoopers, KPMG, and Deloitte.
Public corporations must hire an independent auditor to review their accounting practices. This rule was deferred for small-cap companies, those with a market capitalization of less than $75 million. Most (83%) large corporations agreed that SOX increased investor confidence. A third said it reduced fraud.
SOX protects employees who report fraud and testify in court against their employers. Companies are not allowed to change the terms and conditions of their employment. They can't reprimand, fire, or blacklist the employee. SOX also protects contractors. Whistleblowers can report any corporate retaliation to the Occupational Safety and Health Administration.
Private companies must also adopt SOX-type governance and internal control structures. Otherwise, they face increased difficulties. They will have trouble raising capital. They will also face higher insurance premiums and greater civil liability. These would create a loss of status among potential customers, investors, and donors.
SOX increased audit costs. This was a greater burden for small companies than for large ones. It may have convinced some businesses to use private equity funding instead of using the stock market.
The Securities Act of 1933 regulated securities until 2002. It required companies to publish a prospectus about any publicly traded stocks they issued. The corporation and its investment bank were legally responsible for telling the truth. That included audited financial statements. Although the corporations were legally responsible, the CEOs were not. So, it was difficult to prosecute them. The rewards of "cooking the books" far outweighed the risks to any individual.
SOX addressed the corporate scandals at Enron, WorldCom, and Arthur Andersen.
It prohibited auditors from doing consulting work for their auditing clients. That prevented the conflict of interest which led to the Enron fraud. Congress responded to the Enron media fallout, a lagging stock market, and looming reelections.
The Sarbanes-Oxley Act was passed by Congress to curb widespread fraud in corporate financial reports, the source of scandals that rocked the early 2000s. The Act now holds CEOs responsible for their company’s financial statements. Whistleblowing employees are given protection. More stringent auditing standards are followed. These are just a few of the SOX stipulations. Some critics, though, believe SOX compliance is expensive, particularly for small companies, but its focus on high auditing quality has restored and strengthened investor confidence in U.S. companies.
All publicly traded companies in the U.S. must comply with SOX.
The severity of the penalty for noncompliance depends on which of the 11 sections of SOX was violated. Punishment can range from paying a fine or losing an exchange listing to long prison sentences and millions of dollars in fines.
It's a compliance audit done by a neutral third party to verify a company's financial statements and how they were created. The auditor will look at financial statements and interview certain employees of the company to ensure the company is in compliance with SOX.