The Sarbanes-Oxley Act was signed into law on July 30, 2002 by President Bush, and was approved by the House by a vote of 423-3 and by the Senate 99-0. Sarbanes-Oxley is considered the most significant change to federal securities laws in the United States since the New Deal. Officially titled the Public Company Accounting Reform and Investor Protection Act of 2002, and commonly called SOX and Sarbox, it was named after sponsors Senator Paul Sarbanes (D-MD) and Representative Michael G. Oxley (R-OH) and came as result of a series of corporate financial scandals.
The Sarbanes-Oxley Act is designed to review dated legislative audit requirements to protect investors by improving the accuracy and reliability of corporate disclosures, covering issues such as establishing a public company accounting oversight board, corporate responsibility, auditor independence, and enhanced financial disclosure. The act’s major provisions mention that we can name the prohibition on insider trades during pension fund blackout periods, the certification of financial reports by CEOs and CFOs, the public reporting of CEO and CFO compensation and profits, accelerated reporting of trades by insiders, and ban personal loans to any Executive Officer and Director. Basically, the act requires full disclosure on just about everything.
Sarbanes-Oxley requires additional disclosure as well as criminal and civil penalties for securities violations and significantly longer jail sentences and larger fines for corporate executives who knowingly and willfully misstate financial statements. The act also notes the prohibition on audit firms providing extra “value-added” services to their clients, including actuarial services, legal and extra services such as consulting or unrelated to their audit work. The Sarbanes Oxley Act also requires that publicly traded companies furnish independent annual audit reports on the existence and condition of internal controls as they relate to financial reporting.
Other provisions included mention that US companies are now obliged to have an internal audit function, which must be certified by external auditors. The act also grants auditor independence, including outright bans on certain types of work and pre-certification by the company’s Audit Committee of all other non-audit work. The Sarbanes-Oxley Act list also requires that information on how significant transactions are initiated, authorized, supported, processed, and reported must be disclosed if this information is requested at any time.
Sarbanes-Oxley allows enough information about the flow of transactions to identify where material misstatements due to error or fraud could occur. There is also information and other implementations and controls designed to prevent or detect fraud, including who performs the controls and the regulated segregation of duties. This act also states how the period-end financial reporting process and controls over safeguarding of assets, reporting the results of management’s testing and evaluation must be handled.
The future of The Sarbanes-Oxley Act will depend on businesses’ ability to respond to those areas already mentioned by making it a part of every-day business. Deloitte and Touche LLP has released a new publication called “Under Control” where some points on this matter are exposed, such as education and training to reinforce the control environment, clearly articulated roles and responsibilities and assigned accountability, effective and efficient processes for evaluating testing, remediating, monitoring, and reporting on controls, technology to enable compliance, adaptability and flexibility to respond to organizational and regulatory change, and integrated financial and internal control processes. It’s clear that the act may need refining in the future, but presently it serves as a protection to investors against those that do not or mistakenly fail to report accurately.