The Sarbanes-Oxley Act of 2002 (Pub.L. 107-204, 116 Stat. 745, enacted 2002-07-30), also known as the Public Company Accounting Reform and Investor Protection Act of 2002 and commonly called SOX or Sarbox; is a United States federal law enacted on July 30, 2002 in response to a number of major corporate and accounting scandals including those affecting Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These scandals, which cost investors billions of dollars when the share prices of the affected companies collapsed, shook public confidence in the nation's securities markets. Named after sponsors Senator Paul Sarbanes (D-MD) and Representative Michael G. Oxley (R-OH), the Act was approved by the House by a vote of 423-3 and by the Senate 99-0. President George W. Bush signed it into law, stating it included "the most far-reaching reforms of American business practices since the time of Franklin D. Roosevelt."<sup id="cite_ref-0" class="reference">[1]</sup>
The legislation establishes new or enhanced standards for all U.S. public company boards, management, and public accounting firms. It does not apply to privately held companies. The Act contains 11 titles, or sections, ranging from additional Corporate Board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the new law. Debate continues over the perceived benefits and costs of SOX. Supporters contend that the legislation was necessary and has played a useful role in restoring public confidence in the nation's capital markets by, among other things, strengthening corporate accounting controls. Opponents of the bill claim that it has reduced America's international competitive edge against foreign financial service providers, claiming that SOX has introduced an overly complex and regulatory environment into U.S. financial markets.<sup id="cite_ref-1" class="reference">[2]</sup>
The Act establishes a new quasi-public agency, the Public Company Accounting Oversight Board, or PCAOB, which is charged with overseeing, regulating, inspecting, and disciplining accounting firms in their roles as auditors of public companies. The Act also covers issues such as auditor independence, corporate governance, internal control assessment, and enhanced financial disclosure.
<table id="toc" class="toc" summary="Contents"> <tbody><tr> <td> Contents
[hide]
[edit] Overview
Sarbanes-Oxley contains 11 titles that describe specific mandates and requirements for financial reporting. Each title consists of several sections, summarized below.
[edit] History & context: events contributing to the adoption of SOX
<table class="metadata plainlinks ambox ambox-content" style=""> <tbody><tr> <td class="ambox-image">
</td> <td class="ambox-text" style="">The neutrality of this section is disputed.
<small>Please see the discussion on the talk page. (December 2007)</small>
<small>Please do not remove this message until the dispute is resolved.</small></td> </tr> </tbody></table> A variety of complex factors created the conditions and culture in which a series of large corporate frauds occurred between 2000-2002. The spectacular, highly-publicized frauds at Enron (see Enron scandal), WorldCom, and Tyco exposed significant problems with conflicts of interest and incentive compensation practices. The analysis of their complex and contentious root causes contributed to the passage of SOX in 2002.<sup id="cite_ref-2" class="reference">[3]</sup> In a 2004 interview, Senator Paul Sarbanes stated:
<table style="border-style: none; margin: auto; border-collapse: collapse; background-color: transparent;" class="cquote"> <tbody><tr> <td style="padding: 10px; color: rgb(178, 183, 242); font-size: 35px; font-family: 'Times New Roman',serif; font-weight: bold; text-align: left;" valign="top" width="20">?</td> <td style="padding: 4px 10px;" valign="top">The Senate Banking Committee undertook a series of hearings on the problems in the markets that had led to a loss of hundreds and hundreds of billions, indeed trillions of dollars in market value. The hearings set out to lay the foundation for legislation. We scheduled 10 hearings over a six-week period, during which we brought in some of the best people in the country to testify...The hearings produced remarkable consensus on the nature of the problems: inadequate oversight of accountants, lack of auditor independence, weak corporate governance procedures, stock analysts' conflict of interests, inadequate disclosure provisions, and grossly inadequate funding of the Securities and Exchange Commission.<sup id="cite_ref-3" class="reference">[4]</sup></td> <td style="padding: 10px; color: rgb(178, 183, 242); font-size: 36px; font-family: 'Times New Roman',serif; font-weight: bold; text-align: right;" valign="bottom" width="20">?</td> </tr> </tbody></table>
[edit] Timeline and passage of SoX
The House passed Rep. Oxley's bill (H.R. 3763) on April 25, 2002, by a vote of 334 to 90. The House then referred the "Corporate and Auditing Accountability, Responsibility, and Transparency Act" or "CAARTA" to the Senate Banking Committee with the support of President George W. Bush and the SEC. At the time, however, the Chairman of that Committee, Senator Paul Sarbanes (D-MD), was preparing his own proposal, Senate Bill 2673.
Senator Sarbanes?s bill passed the Senate Banking Committee on June 18, 2002, by a vote of 17 to 4. On June 25, 2002, WorldCom revealed it had overstated its earnings by more than $3.8 billion during the past five quarters (15 months), primarily by improperly accounting for its operating costs. Sen. Sarbanes introduced Senate Bill 2673 to the full Senate that same day, and it passed 97-0 less than three weeks later on July 15, 2002.
The House and the Senate formed a Conference Committee to reconcile the differences between Sen. Sarbanes's bill (S. 2673) and Rep. Oxley's bill (H.R. 3763). The conference committee relied heavily on S. 2673 and ?most changes made by the conference committee strengthened the prescriptions of S. 2673 or added new prescriptions.? (John T. Bostelman, The Sarbanes-Oxley Deskbook ? 2-31.)
The Committee approved the final conference bill on July 24, 2002, and gave it the name "the Sarbanes-Oxley Act of 2002." The next day, both houses of Congress voted on it without change, producing an overwhelming margin of victory: 423 to 3 in the House and 99 to 0 in the Senate. On July 30, 2002, President George W. Bush signed it into law, stating it included "the most far-reaching reforms of American business practices since the time of Franklin D. Roosevelt." <sup id="cite_ref-6" class="reference">[7]</sup>
[edit] Analyzing the cost-benefits of Sarbanes-Oxley
A significant body of academic research and opinion exists regarding the costs and benefits of SOX, with significant differences in conclusions. This is due in part to the difficulty of isolating the impact of SOX from other variables affecting the stock market and corporate earnings.<sup id="cite_ref-7" class="reference">[8]</sup><sup id="cite_ref-Shakespeare_8-0" class="reference">[9]</sup> Conclusions from several of these studies and related criticism are summarized below:
[edit] The effect of SOX on non-US companies
Some have asserted that Sarbanes-Oxley legislation has helped displace business from New York to London, where the Financial Services Authority regulates the financial sector with a lighter touch. In the UK, the non-statutory Combined Code of Corporate Governance plays a somewhat similar role to SOX. However, a greater amount of resources are dedicated to enforcement of securities laws in the UK than in the US?see Howell E. Jackson & Mark J. Roe, ?Public Enforcement of Securities Laws: Preliminary Evidence,? (Working Paper January 16, 2007). The Alternative Investment Market claims that its spectacular growth in listings almost entirely coincided with the Sarbanes Oxley legislation. In December 2006 Michael Bloomberg, New York's mayor, and Charles Schumer, a U.S. senator, expressed their concern.<sup id="cite_ref-19" class="reference">[20]</sup>
The Sarbanes-Oxley Act's effect on Non-US companies cross-listed in the US is different on firms from developed and well regulated countries than on firms from less developed countries according to Kate Litvak.<sup id="cite_ref-20" class="reference">[21]</sup> Companies from badly regulated countries benefit from better credit ratings by complying to regulations in a highly regulated country (USA) that is higher than the cost, but companies from developed countries only incur the cost, since transparency is adequate in their home countries as well. On the other hand, the benefit of better credit rating also comes with listing on other stock exchanges such as the London Stock Exchange.
[edit] Implementation of Key Provisions
[edit] SOX Section 302: Internal control certifications
Under Sarbanes-Oxley, two separate certification sections came into effect?one civil and the other criminal. 15 U.S.C. ? 7241 (Section 302) (civil provision); 18 U.S.C. ? 1350 (Section 906) (criminal provision).
Section 302 of the Act mandates a set of internal procedures designed to ensure accurate financial disclosure. The signing officers must certify that they are ?responsible for establishing and maintaining internal controls? and ?have designed such internal controls to ensure that material information relating to the company and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared.? 15 U.S.C. ? 7241(a)(4). The officers must ?have evaluated the effectiveness of the company?s internal controls as of a date within 90 days prior to the report? and ?have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date.? Id..
The SEC interpreted the intention of Sec. 302 in Final Rule 33-8124. In it, the SEC defines the new term "disclosure controls and procedures", which are distinct from "internal controls over financial reporting".<sup id="cite_ref-21" class="reference">[22]</sup>
Under both Section 302 and Section 404, Congress directed the SEC to promulgate regulations enforcing these provisions. (See Final Rule: Management?s Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports, Release No. 33-8238 (June 5,2003), available at http://www.sec.gov/rules/final/33-8238.htm.)
External auditors are required to issue an opinion on whether effective internal control over financial reporting was maintained in all material respects by management. This is in addition to the financial statement opinion regarding the accuracy of the financial statements. The requirement to issue a third opinion regarding management's assessment was removed in 2007.
[edit] SOX Section 404: Assessment of internal control
The most contentious aspect of SOX is Section 404, which requires management and the external auditor to report on the adequacy of the company's internal control over financial reporting (ICFR). This is the most costly aspect of the legislation for companies to implement, as documenting and testing important financial manual and automated controls requires enormous effort.<sup id="cite_ref-22" class="reference">[23]</sup>
Under Section 404 of the Act, management is required to produce an ?internal control report? as part of each annual Exchange Act report. See 15 U.S.C. ? 7262. The report must affirm ?the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting.? 15 U.S.C. ? 7262(a). The report must also ?contain an assessment, as of the end of the most recent fiscal year of the Company, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.? To do this, managers are generally adopting an internal control framework such as that described in COSO.
To help alleviate the high costs of compliance, guidance and practice have continued to evolve. The Public Company Accounting Oversight Board (PCAOB) approved Auditing Standard No. 5 for public accounting firms on July 25, 2007.<sup id="cite_ref-23" class="reference">[24]</sup> This standard superseded Auditing Standard No. 2, the initial guidance provided in 2004. The SEC also released its interpretive guidance <sup id="cite_ref-24" class="reference">[25]</sup> on June 27, 2007. It is generally consistent with the PCAOB's guidance, only intended for management. Both management and the external auditor are responsible for performing their assessment in the context of a top-down risk assessment, which requires management to base both the scope of its assessment and evidence gathered on risk. This gives management wider discretion in its assessment approach. These two standards together require management to:
[edit] SOX 404 and smaller public companies
The cost of complying with SOX 404 impacts smaller companies disproportionately, as there is a significant fixed cost involved in completing the assessment. For example, during 2004 U.S. companies with revenues exceeding $5 billion spent .06% of revenue on SOX compliance, while companies with less than $100 million in revenue spent 2.55%.<sup id="cite_ref-25" class="reference">[26]</sup>
This disparity is a focal point of 2007 SEC and U.S. Senate action.<sup id="cite_ref-26" class="reference">[27]</sup> The PCAOB intends to issue further guidance to help companies scale their assessment based on company size and complexity during 2007. The SEC issued their guidance to management in June, 2007.[1]
After the SEC and PCAOB issued their guidance, the SEC required smaller public companies (non-accelerated filers) with fiscal years ending after December 15, 2007 to document a Management Assessment of their Internal Controls over Financial Reporting (ICFR). Outside auditors of non-accelerated filers however opine or test internal controls under PCAOB (Public Company Accounting Oversight Board) Auditing Standards for years ending after December 15, 2008. Another extension was granted by the SEC for the outside auditor assessment until years ending after December 15, 2009. The reason for the timing disparity was to address the House Committee on Small Business concern that the cost of complying with Section 404 of the Sarbanes-Oxley Act of 2002 was still unknown and could therefore be disproportionately high for smaller publicly held companies.<sup id="cite_ref-27" class="reference">[28]</sup>
[edit] SOX Section 802 Criminal Penalties for Violation of SOX
Section 802(a) of the SOX, 18 U.S.C. ? 1519 states:
<table style="border-style: none; margin: auto; border-collapse: collapse; background-color: transparent;" class="cquote"> <tbody><tr> <td style="padding: 10px; color: rgb(178, 183, 242); font-size: 35px; font-family: 'Times New Roman',serif; font-weight: bold; text-align: left;" valign="top" width="20">?</td> <td style="padding: 4px 10px;" valign="top">Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.</td> <td style="padding: 10px; color: rgb(178, 183, 242); font-size: 36px; font-family: 'Times New Roman',serif; font-weight: bold; text-align: right;" valign="bottom" width="20">?</td> </tr> </tbody></table>
[edit] SOX Section 1107 Criminal Penalties for Retaliation Against Whistleblowers
Section 1107 of the SOX 18 U.S.C. ? 1513(e) states:<sup id="cite_ref-28" class="reference">[29]</sup>
<table style="border-style: none; margin: auto; border-collapse: collapse; background-color: transparent;" class="cquote"> <tbody><tr> <td style="padding: 10px; color: rgb(178, 183, 242); font-size: 35px; font-family: 'Times New Roman',serif; font-weight: bold; text-align: left;" valign="top" width="20">?</td> <td style="padding: 4px 10px;" valign="top">Whoever knowingly, with the intent to retaliate, takes any action harmful to any person, including interference with the lawful employment or livelihood of any person, for providing to a law enforcement officer any truthful information relating to the commission or possible commission of any federal offence, shall be fined under this title, imprisoned not more than 10 years, or both.</td> <td style="padding: 10px; color: rgb(178, 183, 242); font-size: 36px; font-family: 'Times New Roman',serif; font-weight: bold; text-align: right;" valign="bottom" width="20">?</td> </tr> </tbody></table>
[edit] Criticism
Detractors such as congressman Ron Paul contend that SOX was an unnecessary and costly government intrusion into corporate management that places U.S. corporations at a competitive disadvantage with foreign firms, driving businesses out of the United States. In an April 14, 2005 speech before the U.S. House of Representatives, Paul stated, "These regulations are damaging American capital markets by providing an incentive for small US firms and foreign firms to deregister from US stock exchanges. According to a study by the prestigious Wharton Business School, the number of American companies deregistering from public stock exchanges nearly tripled during the year after Sarbanes-Oxley became law, while the New York Stock Exchange had only 10 new foreign listings in all of 2004. The reluctance of small businesses and foreign firms to register on American stock exchanges is easily understood when one considers the costs Sarbanes-Oxley imposes on businesses. According to a survey by Korn/Ferry International, Sarbanes-Oxley cost Fortune 500 companies an average of $5.1 million in compliance expenses in 2004., while a study by the law firm of Foley and Lardner found the Act increased costs associated with being a publicly held company by 130 percent." <sup id="cite_ref-29" class="reference">[30]</sup>
[edit] Legal Challenges
A lawsuit (Free Enterprise Fund v. Public Company Accounting Oversight Board) was filed in 2006 challenging the constitutionality (legality) of the PCAOB. The complaint argues that since the PCAOB has regulatory powers over the accounting industry, its officers should be appointed by the President, rather than the SEC.<sup id="cite_ref-30" class="reference">[31]</sup>Further, because the law lacks a "severability clause," if part of the law is judged unconstitutional, so is the remainder. If the plaintiff prevails, the U.S. Congress may have to devise a different method of officer appointment. Further, the other parts of the law may be open to revision.<sup id="cite_ref-31" class="reference">[32]</sup> The lawsuit was dismissed from a District Court; the decision was upheld by the Court of Appeals on August 22, 2008.<sup id="cite_ref-32" class="reference">[33]</sup> Judge Kavanaugh, in his dissent, argued strongly against the constitutionality of the law, and The Supreme Court of the U.S. is expected to grant certiorari.<sup id="cite_ref-33" class="reference">[34]</sup>
The legislation establishes new or enhanced standards for all U.S. public company boards, management, and public accounting firms. It does not apply to privately held companies. The Act contains 11 titles, or sections, ranging from additional Corporate Board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the new law. Debate continues over the perceived benefits and costs of SOX. Supporters contend that the legislation was necessary and has played a useful role in restoring public confidence in the nation's capital markets by, among other things, strengthening corporate accounting controls. Opponents of the bill claim that it has reduced America's international competitive edge against foreign financial service providers, claiming that SOX has introduced an overly complex and regulatory environment into U.S. financial markets.<sup id="cite_ref-1" class="reference">[2]</sup>
The Act establishes a new quasi-public agency, the Public Company Accounting Oversight Board, or PCAOB, which is charged with overseeing, regulating, inspecting, and disciplining accounting firms in their roles as auditors of public companies. The Act also covers issues such as auditor independence, corporate governance, internal control assessment, and enhanced financial disclosure.
<table id="toc" class="toc" summary="Contents"> <tbody><tr> <td> Contents
[hide]
- 1 Overview
- 2 History & context: events contributing to the adoption of SOX
- 3 Analyzing the cost-benefits of Sarbanes-Oxley
- 4 Implementation of Key Provisions
- 5 Criticism
- 6 Legal Challenges
- 7 Legislative information
- 8 References
- 9 See also
- 10 External links
[edit] Overview
Sarbanes-Oxley contains 11 titles that describe specific mandates and requirements for financial reporting. Each title consists of several sections, summarized below.
- 1) Public Company Accounting Oversight Board (PCAOB)
- 2) Auditor Independence
- 3) Corporate Responsibility
- 4) Enhanced Financial Disclosures
- 5) Analyst Conflicts of Interest
- 6) Commission Resources and Authority
- 7) Studies and Reports
- 8) Corporate and Criminal Fraud Accountability
- 9) White Collar Crime Penalty Enhancement
- 10) Corporate Tax Returns
- 11) Corporate Fraud Accountability
[edit] History & context: events contributing to the adoption of SOX
<table class="metadata plainlinks ambox ambox-content" style=""> <tbody><tr> <td class="ambox-image">
</td> <td class="ambox-text" style="">The neutrality of this section is disputed.
<small>Please see the discussion on the talk page. (December 2007)</small>
<small>Please do not remove this message until the dispute is resolved.</small></td> </tr> </tbody></table> A variety of complex factors created the conditions and culture in which a series of large corporate frauds occurred between 2000-2002. The spectacular, highly-publicized frauds at Enron (see Enron scandal), WorldCom, and Tyco exposed significant problems with conflicts of interest and incentive compensation practices. The analysis of their complex and contentious root causes contributed to the passage of SOX in 2002.<sup id="cite_ref-2" class="reference">[3]</sup> In a 2004 interview, Senator Paul Sarbanes stated:
<table style="border-style: none; margin: auto; border-collapse: collapse; background-color: transparent;" class="cquote"> <tbody><tr> <td style="padding: 10px; color: rgb(178, 183, 242); font-size: 35px; font-family: 'Times New Roman',serif; font-weight: bold; text-align: left;" valign="top" width="20">?</td> <td style="padding: 4px 10px;" valign="top">The Senate Banking Committee undertook a series of hearings on the problems in the markets that had led to a loss of hundreds and hundreds of billions, indeed trillions of dollars in market value. The hearings set out to lay the foundation for legislation. We scheduled 10 hearings over a six-week period, during which we brought in some of the best people in the country to testify...The hearings produced remarkable consensus on the nature of the problems: inadequate oversight of accountants, lack of auditor independence, weak corporate governance procedures, stock analysts' conflict of interests, inadequate disclosure provisions, and grossly inadequate funding of the Securities and Exchange Commission.<sup id="cite_ref-3" class="reference">[4]</sup></td> <td style="padding: 10px; color: rgb(178, 183, 242); font-size: 36px; font-family: 'Times New Roman',serif; font-weight: bold; text-align: right;" valign="bottom" width="20">?</td> </tr> </tbody></table>
- Auditor conflicts of interest: Prior to SOX, auditing firms, the primary financial "watchdogs" for investors, were self-regulated. They also performed significant non-audit or consulting work for the companies they audited. Many of these consulting agreements were far more lucrative than the auditing engagement. This presented at least the appearance of a conflict of interest. For example, challenging the company's accounting approach might damage a client relationship, conceivably placing a significant consulting arrangement at risk, damaging the auditing firm's bottom line.
- Boardroom failures: Boards of Directors, specifically Audit Committees, are charged with establishing oversight mechanisms for financial reporting in U.S. corporations on the behalf of investors. These scandals identified Board members who either did not exercise their responsibilities or did not have the expertise to understand the complexities of the businesses. In many cases, Audit Committee members were not truly independent of management.
- Securities analysts' conflicts of interest: The roles of securities analysts, who make buy and sell recommendations on company stocks and bonds, and investment bankers, who help provide companies loans or handle mergers and acquisitions, provide opportunities for conflicts. Similar to the auditor conflict, issuing a buy or sell recommendation on a stock while providing lucrative investment banking services creates at least the appearance of a conflict of interest.
- Inadequate funding of the SEC: The SEC budget has steadily increased to nearly double the pre-SOX level.<sup id="cite_ref-4" class="reference">[5]</sup>In the interview cited above, Sarbanes indicated that enforcement and rule-making are more effective post-SOX.
- Banking practices: Lending to a firm sends signals to investors regarding the firm's risk. In the case of Enron, several major banks provided large loans to the company without understanding, or while ignoring, the risks of the company. Investors of these banks and their clients were hurt by such bad loans, resulting in large settlement payments by the banks. Others interpreted the willingness of banks to lend money to the company as an indication of its health and integrity, and were led to invest in Enron as a result. These investors were hurt as well.
- Internet bubble: Investors had been stung in 2000 by the sharp declines in technology stocks and to a lesser extent, by declines in the overall market. Certain mutual fund managers were alleged to have advocated the purchasing of particular technology stocks, while quietly selling them. The losses sustained also helped create a general anger among investors.
- Executive compensation: Stock option and bonus practices, combined with volatility in stock prices for even small earnings "misses," resulted in pressures to manage earnings.<sup id="cite_ref-5" class="reference">[6]</sup> Stock options were not treated as compensation expense by companies, encouraging this form of compensation. With a large stock-based bonus at risk, managers were pressured to meet their targets.
[edit] Timeline and passage of SoX
The House passed Rep. Oxley's bill (H.R. 3763) on April 25, 2002, by a vote of 334 to 90. The House then referred the "Corporate and Auditing Accountability, Responsibility, and Transparency Act" or "CAARTA" to the Senate Banking Committee with the support of President George W. Bush and the SEC. At the time, however, the Chairman of that Committee, Senator Paul Sarbanes (D-MD), was preparing his own proposal, Senate Bill 2673.
Senator Sarbanes?s bill passed the Senate Banking Committee on June 18, 2002, by a vote of 17 to 4. On June 25, 2002, WorldCom revealed it had overstated its earnings by more than $3.8 billion during the past five quarters (15 months), primarily by improperly accounting for its operating costs. Sen. Sarbanes introduced Senate Bill 2673 to the full Senate that same day, and it passed 97-0 less than three weeks later on July 15, 2002.
The House and the Senate formed a Conference Committee to reconcile the differences between Sen. Sarbanes's bill (S. 2673) and Rep. Oxley's bill (H.R. 3763). The conference committee relied heavily on S. 2673 and ?most changes made by the conference committee strengthened the prescriptions of S. 2673 or added new prescriptions.? (John T. Bostelman, The Sarbanes-Oxley Deskbook ? 2-31.)
The Committee approved the final conference bill on July 24, 2002, and gave it the name "the Sarbanes-Oxley Act of 2002." The next day, both houses of Congress voted on it without change, producing an overwhelming margin of victory: 423 to 3 in the House and 99 to 0 in the Senate. On July 30, 2002, President George W. Bush signed it into law, stating it included "the most far-reaching reforms of American business practices since the time of Franklin D. Roosevelt." <sup id="cite_ref-6" class="reference">[7]</sup>
[edit] Analyzing the cost-benefits of Sarbanes-Oxley
A significant body of academic research and opinion exists regarding the costs and benefits of SOX, with significant differences in conclusions. This is due in part to the difficulty of isolating the impact of SOX from other variables affecting the stock market and corporate earnings.<sup id="cite_ref-7" class="reference">[8]</sup><sup id="cite_ref-Shakespeare_8-0" class="reference">[9]</sup> Conclusions from several of these studies and related criticism are summarized below:
- FEI Survey (Annual): Finance Executives International (FEI) provides an annual survey on SOX Section 404 costs. These costs have continued to decline relative to revenues since 2004. The 2007 study indicated that, for 168 companies with average revenues of $4.7 billion, the average compliance costs were $1.7 million (.036% of revenue).<sup id="cite_ref-9" class="reference">[10]</sup> The 2006 study indicated that, for 200 companies with average revenues of $6.8 billion, the average compliance costs were $2.9 million (.043% of revenue), down 23% from 2005. Cost for decentralized companies (i.e., those with multiple segments or divisions) were considerably more than centralized companies. Survey scores related to the positive effect of SOX on investor confidence, reliability of financial statements, and fraud prevention continue to rise. However, when asked in 2006 whether the benefits of compliance with Section 404 have exceeded costs in 2006, only 22 percent agreed.<sup id="cite_ref-10" class="reference">[11]</sup>
- Foley & Lardner Survey (2007): This annual study focused on changes in the total costs of being a U.S. public company, which were significantly affected by SOX. Such costs include external auditor fees, directors and officers (D&O) insurance, board compensation, lost productivity, and legal costs. Each of these cost categories increased significantly between FY2001-FY2006. Nearly 70% of survey respondents indicated public companies with revenues under $250 million should be exempt from SOX Section 404.<sup id="cite_ref-11" class="reference">[12]</sup>
- Butler/Ribstein (2006): Their book proposed a comprehensive overhaul or repeal of SOX and a variety of other reforms. For example, they indicate that investors could diversify their stock investments, efficiently managing the risk of a few catastrophic corporate failures, whether due to fraud or competition. However, if each company is required to spend a significant amount of money and resources on SOX compliance, this cost is borne across all publicly traded companies and therefore cannot be diversified away by the investor.<sup id="cite_ref-12" class="reference">[13]</sup>
- Institute of Internal Auditors (2005): The research paper indicates that corporations have improved their internal controls and that financial statements are perceived to be more reliable.<sup id="cite_ref-13" class="reference">[14]</sup>
- Skaife/Collins/Kinney/Lefond (2006): This research paper indicates that borrowing costs are lower for companies that improved their internal control, by between 50 and 150 basis points (.5 to 1.5 percentage points).<sup id="cite_ref-14" class="reference">[15]</sup>
- Zhang (2005): This research paper estimated SOX compliance costs as high as $1.4 trillion, by measuring changes in market value around key SOX legislative "events." This number is based on the assumption that SOX was the cause of related short-duration market value changes, which the author acknowledges as a drawback of the study.<sup id="cite_ref-15" class="reference">[16]</sup>
- Iliev (2007): This research paper indicated that SOX 404 indeed led to conservative reported earnings, but also reduced -- rightly or wrongly -- stock valuations of small firms.<sup id="cite_ref-16" class="reference">[17]</sup> Lower earnings often cause the share price to decrease.
- Lord & Benoit Report (2006): This study included a population of nearly 2,500 companies and indicated that companies with no material weaknesses in their internal controls, or companies that corrected them in a timely manner, experienced much greater increases in share prices than companies that did not.<sup id="cite_ref-17" class="reference">[18]</sup><sup id="cite_ref-18" class="reference">[19]</sup> The report indicated that the benefits to a compliant company in share price (10% above Russell 3000 index) were greater than their SOX Section 404 costs.
[edit] The effect of SOX on non-US companies
Some have asserted that Sarbanes-Oxley legislation has helped displace business from New York to London, where the Financial Services Authority regulates the financial sector with a lighter touch. In the UK, the non-statutory Combined Code of Corporate Governance plays a somewhat similar role to SOX. However, a greater amount of resources are dedicated to enforcement of securities laws in the UK than in the US?see Howell E. Jackson & Mark J. Roe, ?Public Enforcement of Securities Laws: Preliminary Evidence,? (Working Paper January 16, 2007). The Alternative Investment Market claims that its spectacular growth in listings almost entirely coincided with the Sarbanes Oxley legislation. In December 2006 Michael Bloomberg, New York's mayor, and Charles Schumer, a U.S. senator, expressed their concern.<sup id="cite_ref-19" class="reference">[20]</sup>
The Sarbanes-Oxley Act's effect on Non-US companies cross-listed in the US is different on firms from developed and well regulated countries than on firms from less developed countries according to Kate Litvak.<sup id="cite_ref-20" class="reference">[21]</sup> Companies from badly regulated countries benefit from better credit ratings by complying to regulations in a highly regulated country (USA) that is higher than the cost, but companies from developed countries only incur the cost, since transparency is adequate in their home countries as well. On the other hand, the benefit of better credit rating also comes with listing on other stock exchanges such as the London Stock Exchange.
[edit] Implementation of Key Provisions
[edit] SOX Section 302: Internal control certifications
Under Sarbanes-Oxley, two separate certification sections came into effect?one civil and the other criminal. 15 U.S.C. ? 7241 (Section 302) (civil provision); 18 U.S.C. ? 1350 (Section 906) (criminal provision).
Section 302 of the Act mandates a set of internal procedures designed to ensure accurate financial disclosure. The signing officers must certify that they are ?responsible for establishing and maintaining internal controls? and ?have designed such internal controls to ensure that material information relating to the company and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared.? 15 U.S.C. ? 7241(a)(4). The officers must ?have evaluated the effectiveness of the company?s internal controls as of a date within 90 days prior to the report? and ?have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date.? Id..
The SEC interpreted the intention of Sec. 302 in Final Rule 33-8124. In it, the SEC defines the new term "disclosure controls and procedures", which are distinct from "internal controls over financial reporting".<sup id="cite_ref-21" class="reference">[22]</sup>
Under both Section 302 and Section 404, Congress directed the SEC to promulgate regulations enforcing these provisions. (See Final Rule: Management?s Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports, Release No. 33-8238 (June 5,2003), available at http://www.sec.gov/rules/final/33-8238.htm.)
External auditors are required to issue an opinion on whether effective internal control over financial reporting was maintained in all material respects by management. This is in addition to the financial statement opinion regarding the accuracy of the financial statements. The requirement to issue a third opinion regarding management's assessment was removed in 2007.
[edit] SOX Section 404: Assessment of internal control
The most contentious aspect of SOX is Section 404, which requires management and the external auditor to report on the adequacy of the company's internal control over financial reporting (ICFR). This is the most costly aspect of the legislation for companies to implement, as documenting and testing important financial manual and automated controls requires enormous effort.<sup id="cite_ref-22" class="reference">[23]</sup>
Under Section 404 of the Act, management is required to produce an ?internal control report? as part of each annual Exchange Act report. See 15 U.S.C. ? 7262. The report must affirm ?the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting.? 15 U.S.C. ? 7262(a). The report must also ?contain an assessment, as of the end of the most recent fiscal year of the Company, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.? To do this, managers are generally adopting an internal control framework such as that described in COSO.
To help alleviate the high costs of compliance, guidance and practice have continued to evolve. The Public Company Accounting Oversight Board (PCAOB) approved Auditing Standard No. 5 for public accounting firms on July 25, 2007.<sup id="cite_ref-23" class="reference">[24]</sup> This standard superseded Auditing Standard No. 2, the initial guidance provided in 2004. The SEC also released its interpretive guidance <sup id="cite_ref-24" class="reference">[25]</sup> on June 27, 2007. It is generally consistent with the PCAOB's guidance, only intended for management. Both management and the external auditor are responsible for performing their assessment in the context of a top-down risk assessment, which requires management to base both the scope of its assessment and evidence gathered on risk. This gives management wider discretion in its assessment approach. These two standards together require management to:
- Assess both the design and operating effectiveness of selected internal controls related to significant accounts and relevant assertions, in the context of material misstatement risks;
- Understand the flow of transactions, including IT aspects, sufficient enough to identify points at which a misstatement could arise;
- Evaluate company-level (entity-level) controls, which correspond to the components of the COSO framework;
- Perform a fraud risk assessment;
- Evaluate controls designed to prevent or detect fraud, including management override of controls;
- Evaluate controls over the period-end financial reporting process;
- Scale the assessment based on the size and complexity of the company;
- Rely on management's work based on factors such as competency, objectivity, and risk;
- Conclude on the adequacy of internal control over financial reporting.
[edit] SOX 404 and smaller public companies
The cost of complying with SOX 404 impacts smaller companies disproportionately, as there is a significant fixed cost involved in completing the assessment. For example, during 2004 U.S. companies with revenues exceeding $5 billion spent .06% of revenue on SOX compliance, while companies with less than $100 million in revenue spent 2.55%.<sup id="cite_ref-25" class="reference">[26]</sup>
This disparity is a focal point of 2007 SEC and U.S. Senate action.<sup id="cite_ref-26" class="reference">[27]</sup> The PCAOB intends to issue further guidance to help companies scale their assessment based on company size and complexity during 2007. The SEC issued their guidance to management in June, 2007.[1]
After the SEC and PCAOB issued their guidance, the SEC required smaller public companies (non-accelerated filers) with fiscal years ending after December 15, 2007 to document a Management Assessment of their Internal Controls over Financial Reporting (ICFR). Outside auditors of non-accelerated filers however opine or test internal controls under PCAOB (Public Company Accounting Oversight Board) Auditing Standards for years ending after December 15, 2008. Another extension was granted by the SEC for the outside auditor assessment until years ending after December 15, 2009. The reason for the timing disparity was to address the House Committee on Small Business concern that the cost of complying with Section 404 of the Sarbanes-Oxley Act of 2002 was still unknown and could therefore be disproportionately high for smaller publicly held companies.<sup id="cite_ref-27" class="reference">[28]</sup>
[edit] SOX Section 802 Criminal Penalties for Violation of SOX
Section 802(a) of the SOX, 18 U.S.C. ? 1519 states:
<table style="border-style: none; margin: auto; border-collapse: collapse; background-color: transparent;" class="cquote"> <tbody><tr> <td style="padding: 10px; color: rgb(178, 183, 242); font-size: 35px; font-family: 'Times New Roman',serif; font-weight: bold; text-align: left;" valign="top" width="20">?</td> <td style="padding: 4px 10px;" valign="top">Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.</td> <td style="padding: 10px; color: rgb(178, 183, 242); font-size: 36px; font-family: 'Times New Roman',serif; font-weight: bold; text-align: right;" valign="bottom" width="20">?</td> </tr> </tbody></table>
[edit] SOX Section 1107 Criminal Penalties for Retaliation Against Whistleblowers
Section 1107 of the SOX 18 U.S.C. ? 1513(e) states:<sup id="cite_ref-28" class="reference">[29]</sup>
<table style="border-style: none; margin: auto; border-collapse: collapse; background-color: transparent;" class="cquote"> <tbody><tr> <td style="padding: 10px; color: rgb(178, 183, 242); font-size: 35px; font-family: 'Times New Roman',serif; font-weight: bold; text-align: left;" valign="top" width="20">?</td> <td style="padding: 4px 10px;" valign="top">Whoever knowingly, with the intent to retaliate, takes any action harmful to any person, including interference with the lawful employment or livelihood of any person, for providing to a law enforcement officer any truthful information relating to the commission or possible commission of any federal offence, shall be fined under this title, imprisoned not more than 10 years, or both.</td> <td style="padding: 10px; color: rgb(178, 183, 242); font-size: 36px; font-family: 'Times New Roman',serif; font-weight: bold; text-align: right;" valign="bottom" width="20">?</td> </tr> </tbody></table>
[edit] Criticism
Detractors such as congressman Ron Paul contend that SOX was an unnecessary and costly government intrusion into corporate management that places U.S. corporations at a competitive disadvantage with foreign firms, driving businesses out of the United States. In an April 14, 2005 speech before the U.S. House of Representatives, Paul stated, "These regulations are damaging American capital markets by providing an incentive for small US firms and foreign firms to deregister from US stock exchanges. According to a study by the prestigious Wharton Business School, the number of American companies deregistering from public stock exchanges nearly tripled during the year after Sarbanes-Oxley became law, while the New York Stock Exchange had only 10 new foreign listings in all of 2004. The reluctance of small businesses and foreign firms to register on American stock exchanges is easily understood when one considers the costs Sarbanes-Oxley imposes on businesses. According to a survey by Korn/Ferry International, Sarbanes-Oxley cost Fortune 500 companies an average of $5.1 million in compliance expenses in 2004., while a study by the law firm of Foley and Lardner found the Act increased costs associated with being a publicly held company by 130 percent." <sup id="cite_ref-29" class="reference">[30]</sup>
[edit] Legal Challenges
A lawsuit (Free Enterprise Fund v. Public Company Accounting Oversight Board) was filed in 2006 challenging the constitutionality (legality) of the PCAOB. The complaint argues that since the PCAOB has regulatory powers over the accounting industry, its officers should be appointed by the President, rather than the SEC.<sup id="cite_ref-30" class="reference">[31]</sup>Further, because the law lacks a "severability clause," if part of the law is judged unconstitutional, so is the remainder. If the plaintiff prevails, the U.S. Congress may have to devise a different method of officer appointment. Further, the other parts of the law may be open to revision.<sup id="cite_ref-31" class="reference">[32]</sup> The lawsuit was dismissed from a District Court; the decision was upheld by the Court of Appeals on August 22, 2008.<sup id="cite_ref-32" class="reference">[33]</sup> Judge Kavanaugh, in his dissent, argued strongly against the constitutionality of the law, and The Supreme Court of the U.S. is expected to grant certiorari.<sup id="cite_ref-33" class="reference">[34]</sup>
