Sarbanes Oxley Act of 2002 Requirements
The Sarbanes Oxley Act of 2002 (SOX) is a federal law that sets standards for accounting, auditing, and financial reporting. Its primary goal is to restore investor confidence in financial reports. This Act also creates stronger oversight of public companies, including the creation of the Public Company Accounting Oversight Board (PCAOB) to oversee the audit of publicly traded companies.
The Sarbanes Oxley Act is divided into eleven sections. Section 404 requires that companies report details on their internal controls, which include procedures and processes relating to accounting and auditing. In addition, this Act directs the Securities and Exchange Commission to adopt rules that implement its provisions. A SOX auditor must review the controls during a Section 404 audit.
The Act contains provisions that aim to deter fraudulent corporate accounting, improve internal control systems, and increase transparency in financial reporting. To be compliant with the Act, companies must publish an annual internal control report, disclose details on their ICFR, and hire an independent auditor. For companies that are not compliant with the Act, they face fines. These fines are between $5 million and $20 million for shoddy documentation, and executives who approve shoddy or inaccurate documentation could face imprisonment of up to 20 years.
The Sarbanes-Oxley Act of 2002 has been criticized for the high costs that are associated with it. According to a study done by Foley and Lardner, it increased the average cost of a publicly held company by 130 percent. There are a number of reasons for this. Some business leaders believe that the Act is too burdensome and that smaller businesses are disproportionately impacted. Others, however, have praised the Act as an important step in ensuring that top management is transparent and accountable.
The Sarbanes-Oxley requirement of an Internal Controls Report shows how accurate a company’s financial data is. The report will also identify whether the company’s management is responsible for creating and evaluating its internal controls. As a result, if management fails to meet the requirements of the Act, then they will be personally liable for any violations.
In addition, the Sarbanes-Oxley Act has provided an incentive for small US firms to deregister. When an auditor reports that the company’s internal controls are not effective, then the management has to re-evaluate them. If the management does not respond to the external auditor, then the auditor will report that it disagrees with the management’s assessment of its ICFR.
Although the Act has been criticized for its costs, its provisions have been credited with helping to prevent a series of high-profile corporate scandals. Tyco International’s former chief financial officer was convicted of stealing hundreds of millions of dollars and for falsifying business records. Similarly, Value Line Securities, which operated a mutual fund, was involved in a fraud that cost $24 million.
In order to comply with the Sarbanes-Oxley Act of 2003, companies must submit an internal control report every year. They must also disclose the names of their audit committee members, the names of their audit partners, and the names of their financial experts.