Sarbanes-Oxley Act of 2002 - SOX
The finance industry was not always regulated. Prior to the great stock market crash in October of 1929, there was no regulation. After this crash, Congress held hearings to determine the problems and suggest solutions. This resulted in the Securities Act of 1933. The Security Exchange Commission (SEC) was created as a result of the Securities Act of 1933 and the Securities Exchange Act of 1934. The intent of this Commission was to restore confidence to investors by requiring honest reporting, and requiring companies and people who work in the industry to put investors’ interests first. After the fall of several publicly traded companies in 2001, it was clear that the SEC alone was not enough. For this reason and through the guidance of U.S. Senator Paul Sarbanes and U.S. Representative Michael Oxley, Congress passed the Sarbanes-Oxley Act in July 2002 (U.S. Securities and Exchange Commission, 2013).
The mission of Sarbanes-Oxley Act of 2002 is stated in Public Law 107-204 (2002), “To protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes” (p. 1). To determine if the mission of SOX is successful the following will be discussed; the main advantages and disadvantages associated with SOX, the affects SOX has on public company Chief Operating Executive’s (CEO’s) and Chief Financial Executive’s (CFO’s), the impact SOX has on outside independent audit firms, and the improvement SOX section 404 has established on corporations’ internal financial controls. The final discussion will address whether SOX can guarantee the accuracy of public company financial statements.
Main advantages and disadvantages associated with SOX
There are several positive things that occurred after the passage of Sarbanes-Oxley Act of 2002. One, companies were being held accountable for their actions. SOX put in place some standardization practices that companies were required to perform. As an example, the Sarbanes-Oxley Act of 2002, Section 302, mandates the following provisions. * Office signing the report have reviewed the materials. * The report does not contain any untrue or misleading omissions. * Financial statements fairly present the financial condition of the company. * Officers signing the report are responsible for internal controls and have conducted an evaluation within the past 90 days to ensure compliance. * Officers are required to disclose deficiencies and report any fraud by members of the company. * Officers need to report any changes to the internal controls that could impact the integrity of the company evaluation.
This action helped to ensure that all public firms operated under the same set of guidelines.
The passage of SOX gave piece of mind to investors who had stakes in public companies. Because of SOX, investors have less to fear about inflated numbers of balance sheets or actions to hide bad financial news in the company. If a company is conducting business outside the lines of acceptable business practices, the leadership of the company can face criminal charges. In short, company leadership can no longer state, “I was not aware of this action by my finance department.” While company leadership is challenged to be on top of all financial decisions made by the firm, they need to stress financial compliance to their subordinates.
SOX requires companies to hire independent auditing companies to oversee their actions. These firms are required to maintain their objectivity and integrity when preforming services. The services provided must end after a five year period and another auditing company must be assigned. This provision reduces the opportunity for an auditing firm to ignore financial irregularities for fear they will be reported by the follow on firm.
There are, however, some cons to Sarbanes-Oxley. One, there is a significant cost in a company to ensure compliance with the act. Companies have to spend a lot of cash up front and then hire additional personnel to oversee the firm to ensure compliance. This cost is obviously passed on to the customers as an additional cost. Foreign competitors and private companies are not required to be in compliance with Sarbanes-Oxley and obviously have an advantage over public firms. Two, in order to implement and maintain Sarbanes-Oxley standards, a company will have to use company funds that could have been used for business development. In addition, Chan, Peters, Richardson and Weidenmier (2012), found that firms reporting IT material weaknesses in internal controls from 2004 to 2008 under SOX 404 tend to have significantly larger management forecast errors than firms reporting either effective internal controls or non-IT material weaknesses, after controlling for size, financial performance, and earnings characteristics that make earnings more difficult to predict.
Orin (2008) observed “that while Sarbanes-Oxley has made favorable inroads in the amorphous area of achieving a healthy corporate culture, at least in part through its requirements regarding codes of ethics, its efforts to ensure vigilant external oversight is a different situation entirely. In limiting the rotation requirement to audit partners within an audit firm, rather than requiring the rotation of the firm in its entirety” (p.143), Orin argues that Sarbanes-Oxley does not go far enough.
Corporate Responsibility
Chief executive officers (CEOs) and chief financial officers (CFOs) are highly responsible for: the financial reporting of their companies, the conduct of audits, internal controls, ethical conduct, and signing tax returns for their companies. The Sarbanes-Oxley Act of 2002, Section 302, specifically outlines how principal executive/ financial officers (or persons acting in their place) must officially state the accuracy of financial reports submitted to the Securities Exchange Commission (SEC). Section 302 outlines six particular provisions the CEOs and CFOs must certify for the financial statements. These include, that the officers have reviewed the reports, the reports are factual and not misleading, the information presented accurately represents the report time period, and the appropriate use of internal controls. To expand, the internal controls should ensure proper reporting of financial reports and prevent fraud. They are the responsibility of the certifying officers who must evaluate their operational effectiveness.
The evaluation of internal controls must be made specifically 90 days prior to the report and disclose any limitations or weaknesses in procedures, fraud committed within those controls, or any significant changes of processes or actions that could affect the financial reporting. Following these provisions for the financial reports, Section 303 of the Sarbanes-Oxley Act of 2002 addresses it is illegal for a CEO or CFO to negatively influence or interfere with audits of financial statements which may be deemed deceptive. Specifically, officers are not allowed to direct or coerce any accountant engaged in the audit. This is important to be stated because executive or financial officers have powerful incentives to meet certain financial objectives (American Institute of Certified Public Accounts, 2007). Section 304, titled forfeiture of certain bonuses and profits, states that if a report issued to the SEC has to be redone due to misconduct of financial reporting, then the responsible CEO or CFO must pay back any bonuses received for the misperceived financial performance reported on the previous reports. This includes any profits from sale of securities/stocks during the twelve months must also be paid back. Chief Officers are compensated greatly, but they are also reprimanded financially if they do not align with the provisions of the SEC involving the reporting of financial statements and information. Criminal penalties have also increased for misleading reports following the SOX Act of 2002 as outlined in section 1106.
Enhanced Financial Disclosers
As stated in section 302, the certifying CEO and CFO must evaluate their internal controls 90 days before submitting them to the SEC and board of directors. Section 404 follows on to state that each annual report must include a report on internal controls. This report must state the responsibility of management for the integrity of the internal control structure and report on the effectiveness of the internal controls operation. The audit committee then evaluates and reports on the appraisal made by the officers for the internal controls on their corresponding audit report. Audit committees are to keep in mind management overrides, since the officers are in control of the implementation and safeguarding of internal controls (American Institute of Certified Public Accounts, 2005). Chief Officers must not override internal controls to manipulate or interfere with proper financial reporting, as it can be considered a criminal offense. These standards must be outlined as addressed in Section 406 of the Sarbanes-Oxley Act, Code of Ethics for Senior Officers. This section, 406, states that public companies must disclose to the SEC if they uphold a code of ethics for their senior financial officers or if any waivers or changes were made to the preexisting code of ethics. Section 406 also defines the term code of ethics for financial senior officers to include standards that uphold * Ethical conduct when dealing with conflicts of interest * Accurate and prompt disclosure when dealing with reports, and * Obedience with governing laws.
Corporate Accountability
The CEOs and CFOs represent their responsibility and accountability of the signed financial reports by issuing a statement reiterating the accuracy and compliance of the all regulations and disclosure in financial reporting. The SOX act of 2002 clearly states the criminal penalties for non-compliance of the requirements stated by the SEC. The criminal penalties include fines up to five million dollars and/or imprisonment up to 20 years (SOX, 2002). The SEC also has the authority to prohibit persons from serving as officers or directors due to misconduct, as outlined in Section 1105. These sanctions reflect the seriousness of responsibility of CEOs and CFOs for full and accurate disclosure of financial reporting within public companies (SOX, 2002).
The impact SOX has on outside Auditor Firms
After more than 50 years of self-regulation, The Sarbanes-Oxley Act requires that the accounting industry be externally monitored by the creation of the Public Company Accounting Oversight Board (PCAOB). SOX (2002), requires public accounting firms that perform auditing services to register with the PCAOB. The PCAOB is a 5 member reporting board that is subject to SEC oversight. This board also investigates, disciplines and inspects the public accounting firms that provide auditing services. The PCAOB requires yearly registration fees from the businesses that provide auditing services. Public auditors are also required to maintain audit records of all businesses they have audited for the last seven years sufficient to support their audit conclusions. After several high profile scandals, such as Enron and WorldCom, there have been increased judgment challenges (Center for Audit Control, 2015). Under the oversight of the PCAOB, accounting firms who provide auditing services for over 100 companies will be inspected once a year. Companies that audit less than 100 companies will be inspected once every three years. The PCAOB may inspect, interview, investigate or review any documents associated with an audit to ensure compliance with all laws and regulations by the auditing agency. (U.S. Securities and Exchange Commission, 2013)
The Sarbanes-Oxley Act of 2002 requires greater accountability and increased the punishment of independent auditing firms who break the law or are found to have acted unethically. If an independent auditor is found by the PCAOB to be negligent, or to have broken the law, the PCAOB can impose punishment. An independent auditor can have their license revoked. An individual of the auditing team can have their license revoked, or banned from associating with auditing agencies or with any registered accounting firm. The independent audit firm could have fines of $2 million per violation up to a maximum of $15 million. Individuals who are registered with auditing firms could be disbarred or fined from $100,000 for each violation up to a maximum of $750,000. They can also be required to continue professional education. The money that is collected from these fines are put into accounting scholarships (U.S. Securities and Exchange Commission, 2013)
The Sarbanes-Oxley Act has outlined who can work for the independent auditors to avoid a conflict of interest between the auditors and the companies they audit. It prohibits most consulting services to outside companies. Other services that are not allowed by the auditing firm or its employees are “bookkeeping and related services, and implementation of financial information systems, appraisal or valuation services (including fairness opinions and contribution-in-kind reports) actuarial services, internal audit outsourcing, services that provide any management or human resources, investment or broker/dealer services, legal and expert services unrelated to the audit, and any other service that the board determines, by regulation, is impermissible” (U.S. Securities and Exchange Commission, 2013).
The requirement for independent auditors to make professional judgments in accordance with GAAP, along with the increased judgment challenges and the increased level of accountability, create a need for the auditor to poses high moral standards. In order for an auditor to perform their duties accurately and professionally, it has been found they require at a minimum the following moral values: Honesty, sincerity, truthfulness, reliability, dependability, trustworthiness, integrity, independence, objectivity, principled, healthy skepticism, and genuine concern for the public interest. It is also noted in the Libby and Thorne study that these minimum moral values are not necessarily enough for the auditors to possess. Used as an example is the reinterpretation of laws from 10-20 years ago. Not necessarily breaking these laws, but reinterpreting their meaning to benefit the company being audited. The most important non-mandatory virtue is making judgments where the public’s interest is paramount. (Libby & Thorne, 2004)
Since SOX, auditors are increasingly faced with judgment challenges. They are faced with the development of principled based auditing and accounting procedures which attempt to standardize findings. They are challenged with “complex business transactions and economic business decision-making in a global environment.” Accounting procedures have become more complex requiring auditors to consider several alternative answers. There is an increased need of transparency of estimates and other subjective elements of an audit as well as increased inspections of the final audit. It is imperative that auditors make accounting and auditing judgments in a “professionally skeptical manner” (Center for Audit Quality, 2014).
SOX section 404 on Internal Control
While the entirety of the Sarbanes-Oxley Act (SOX) is concerned with accountability, SOX section 404 on Internal Control attempts to outline the steps in which accountability should and will be put into practice. By making a company responsible for the internal control of financial reports, the law is essentially removing plausible deniability and forcing public companies and audit firms to constantly grow with any new laws and procedures that may be enacted. Because the financial sector, much like the rest of life, is in constant flux this seems to be a good way to ensure the accuracy of financial statements. Part A subsection 1 of Section 404 requires that internal controls be established and maintained within a company to ensure the company is in compliance with SOX. The effectiveness of the internal controls must be reported on my management. This is not a one-time requirement. It requires that the internal controls be evaluated annually and implemented throughout the current fiscal year. An annual evaluation of internal control is intended to ensure the company has a system of checks and balances in place which will achieve operational effectiveness and efficiency as well as produce reliable financial reports. Part A subsection 2 of Section 404 requires that a financial institution report on success/failure rate of the regulations that they have enacted for a fiscal year. In essence, after a company establishes its internal rules and regulations, it has to report on if those rules and regulations helped to achieve accuracy in their financial reports. Because the financial sector and financing in general are in flux, it creates a situation where company may have tried something the previous fiscal year that failed to assist with the accuracy of financial reports, where they have to fix those failings the following year. Part B of Section 404 requires public companies to have an audit firm evaluate and attest to management’s assessment of internal controls. This is intended to further increase the reliability of the internal controls in order to produce reliable financial data. Part C of Section 404 exempts non-accelerated filers from complying with Part B. Non-accelerated filers are generally smaller companies who have fewer resources to hire a public accounting firm audit their internal controls.
CEO and CFO Consideration of Financial Statements
The obvious answer is that the legislation is not working to what the public wants to see. This is evident by the housing bubble, market crash, and the unsecured loans that were on the books of many different places. That led to a nationwide depression and the overall loss of value for the dollar. The CEOs and CFOs need to pay more attention to these laws as there are more independent groups looking into the books of the companies reporting earnings far and above what they should be. CFOs must have the knowledge of different aspects to include: financial statement ratio analysis, balanced scorecard and dashboards, this will help define the financial place of the company. These different implements can help them see if the standardize performance of the company currently needs development. Every company has burdens that need to be addressed and they fall under the CFO accountabilities as well. These include everything from statutory and tax obligations to insurance debts so they have quite a large responsibility in the first place (Job Responsibilities, 2014). There is an obvious gap the CEOs can use with the fact that not all companies have to report in the first place or find loopholes in the current system. With this being understood, remember that GAAP is only a traditional list of criteria. This leaves a wide margin within GAAP for corrupt auditors to falsify data. Therefore, this leave the fact a company might use GAAP but, you still need to examine its financial statements (Investopedia, 2015). The private companies hire outside sources that may or may not follow the GAAP rules as they are generally hired as an internal source. They may answer to the board of directors but others might report to the CFO who then releases the information to those who need to know. This is one of the main differences in the public and private sector. They have different guidelines that not even the government has knowledge of until something wrong happens. With the dollar being at a low the country has not seen in decades there is more suspicion on where the “old” money has gone to. There are the Fannie Mae loans that were government regulated and was exempt from the reporting practices of other public entities. Then it was discovered that they were making all kinds of mistakes in the books. They were not seen as the GAAP practices were not being followed and none of the regular laws applied to them. The fact that the government cannot even follow their own rules set forth for the businesses shows the lack of trust in the current laws. The CEOs and CFOs must be on guard from outside sources that brought down the government’s own problems. CFOs are especially on guard due to the fact it is directly their responsibility to make sure that the laws are being followed to the letter. With the CFO being the right hand in the financials for the CEO it is not uncommon for the CEO to be asked for a report from an outside source. This tries to keep the firms a bit more honest by having independent parties looking over the reports. This yet again is something only public companies have to worry about more than the private companies. Until all companies are public or set to the same standards then there will always have discrepancies. Negative implications for CEOs and CFOs of public companies have greatly increased with the introduction of SOX. According to Marden, Edwards, and Stout (2006), SOX introduced significant personal penalties if CEOs and CFOs knowingly endorse false financial statements. CEOs and CFOs can now face up to five years in prison and large fines in addition to civil and criminal litigation. They can also be barred by the SEC from serving as a corporate officer in another publicly traded company. Now that CEOs and CFOs face greater personal liabilities, they are paying more attention to the requirements of SOX. Prior to the introduction of SOX, per Marden, Edwards, and Stout (2006), any monetary penalties imposed by the SEC could be paid from the public company’s funds. Shareholder lawsuits against public companies accusing them of fraud could be paid from insurance policies. CEOs and CFOs also were not worried about facing civil or criminal charges. Certification statements that a company’s financial statements are fairly presented now hold greater personal responsibility and therefore, demand the attention and due diligence of a company’s officers in order to protect their own interests.

References
American Institute of Certified Public Accounts. (2005). Management override of internal controls: the achilles’ hell of fraud prevention. Retrieved from http://www.aicpa.org/
Center for Audit Quality. (2014). Professional judgment resource. Retrieved from http://www. thecaq.org
Chan, L., Peters, G., Richardson, V., & Weidenmier, M. (2012). The consequence of information technology control weaknesses on management information systems: The case of Sarbanes-Oxley internal controls. MIS Quarterly, 36, (1), 179-204. Retrieved from http: //www.misq.org/index.html
CFO Responsibilities (2014). Retrieved from http://www.jobresponsibilities.net/CFO-
Responsibilities.html
Civic Impulse. (2015). H.R. 3763 – 107th Congress: Sarbanes-Oxley Act or 2002. Retrieved from https://www.govtrack.us/congress/bills/107/hr3763
GAAP Investopedia (2015). Generally Accepted Accounting Principles – GAAP. Retrieved from http://www.investopedia.com/terms/g/gaap.asp Libby, T. Thorne, L. (2004, July). The identification and categorization of auditors’ virtues.
Business Ethics Quarterly, 14, 3, 479-498
Marden, R. E., Edwards, R. K., & Stout, W. D. (2006). The ceo/cfo certification requirement.
The CPA Journal. Retrieved from www.nysscpa.org
Orin, R., (2008). Ethical guidance and constraint under the Sarbanes-Oxley Act of 2002. Journal of Accounting, Auditing & Finance, 23, (1). 141-171. Retrieved from http://jaf.sagepub .com /
U.S. Securities and Exchange Commission. (2013, June). The investor’s advocate: how the sec protects investors, maintains market integrity, and facilitates capital formation. Retrieved from www.sec.gov