Sarbanes-Oxley Act

Before the signing ceremony of the Sarbanes-Oxley Act, President George W. Bush meets with Senator Paul Sarbanes, Secretary of Labor Elaine Chao and other dignitaries in the Blue Room at the White House on July 30, 2002.

The Sarbanes-Oxley Act of 2002 (Pub.L. 107-204, 116 Stat. 745, enacted July 30, 2002), also known as the Public Company Accounting Reform and Investor Protection Act of 2002 and commonly called Sarbanes-Oxley, Sarbox or SOX, is a United States federal law enacted on July 30, 2002 in response to a number of major corporate and accounting scandals including those affecting Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These scandals, which cost investors billions of dollars when the share prices of the affected companies collapsed, shook public confidence in the nation's securities markets. Named after sponsors Senator Paul Sarbanes (D-MD) and Representative Michael G. Oxley (R-OH), the Act was approved by the House by a vote of 334-90 and by the Senate 99-0. President George W. Bush signed it into law, stating it included "the most far-reaching reforms of American business practices since the time of Franklin D. Roosevelt."[1]

The legislation establishes new or enhanced standards for all U.S. public company boards, management, and public accounting firms. It does not apply to privately held companies. The Act contains 11 titles, or sections, ranging from additional Corporate Board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the new law. Debate continues over the perceived benefits and costs of SOX. Supporters contend that the legislation was necessary and has played a useful role in restoring public confidence in the nation's capital markets by, among other things, strengthening corporate accounting controls. Opponents of the bill claim that it has reduced America's international competitive edge against foreign financial service providers, claiming that SOX has introduced an overly complex and regulatory environment into U.S. financial markets.[2]

The Act establishes a new quasi-public agency, the Public Company Accounting Oversight Board, or PCAOB, which is charged with overseeing, regulating, inspecting, and disciplining accounting firms in their roles as auditors of public companies. The Act also covers issues such as auditor independence, corporate governance, internal control assessment, and enhanced financial disclosure.

Contents

Overview

Sarbanes-Oxley contains 11 titles that describe specific mandates and requirements for financial reporting. Each title consists of several sections, summarized below.

  1. Public Company Accounting Oversight Board (PCAOB)
    Title I consists of nine sections and establishes the Public Company Accounting Oversight Board, to provide independent oversight of public accounting firms providing audit services ("auditors"). It also creates a central oversight board tasked with registering auditors, defining the specific processes and procedures for compliance audits, inspecting and policing conduct and quality control, and enforcing compliance with the specific mandates of SOX.
  2. Auditor Independence
    Title II consists of nine sections and establishes standards for external auditor independence, to limit conflicts of interest. It also addresses new auditor approval requirements, audit partner rotation, and auditor reporting requirements. It restricts auditing companies from providing non-audit services (e.g., consulting) for the same clients.
  3. Corporate Responsibility
    Title III consists of eight sections and mandates that senior executives take individual responsibility for the accuracy and completeness of corporate financial reports. It defines the interaction of external auditors and corporate audit committees, and specifies the responsibility of corporate officers for the accuracy and validity of corporate financial reports. It enumerates specific limits on the behaviors of corporate officers and describes specific forfeitures of benefits and civil penalties for non-compliance. For example, Section 302 requires that the company's "principal officers" (typically the Chief Executive Officer and Chief Financial Officer) certify and approve the integrity of their company financial reports quarterly [3]
  4. Enhanced Financial Disclosures
    Title IV consists of nine sections. It describes enhanced reporting requirements for financial transactions, including off-balance-sheet transactions, pro-forma figures and stock transactions of corporate officers. It requires internal controls for assuring the accuracy of financial reports and disclosures, and mandates both audits and reports on those controls. It also requires timely reporting of material changes in financial condition and specific enhanced reviews by the SEC or its agents of corporate reports.
  5. Analyst Conflicts of Interest
    Title V consists of only one section, which includes measures designed to help restore investor confidence in the reporting of securities analysts. It defines the codes of conduct for securities analysts and requires disclosure of knowable conflicts of interest.
  6. Commission Resources and Authority
    Title VI consists of four sections and defines practices to restore investor confidence in securities analysts. It also defines the SEC’s authority to censure or bar securities professionals from practice and defines conditions under which a person can be barred from practicing as a broker, adviser or dealer.
  7. Studies and Reports
    Title VII consists of five sections concerned with conducting research for enforcing actions against violations by the SEC registrants (companies) and auditors. Studies and reports include the effects of consolidation of public accounting firms, the role of credit rating agencies in the operation of securities markets, securities violations and enforcement actions, and whether investment banks assisted Enron, Global Crossing and others to manipulate earnings and obfuscate true financial conditions.
  8. Corporate and Criminal Fraud Accountability
    Title VIII consists of seven sections and is also referred to as the “Corporate and Criminal Fraud Act of 2002”. It describes specific criminal penalties for fraud by manipulation, destruction or alteration of financial records or other interference with investigations, while providing certain protections for whistle-blowers.
  9. White Collar Crime Penalty Enhancement
    Title IX consists of two sections. This section is also called the “White Collar Crime Penalty Enhancement Act of 2002.” This section increases the criminal penalties associated with white-collar crimes and conspiracies. It recommends stronger sentencing guidelines and specifically adds failure to certify corporate financial reports as a criminal offense.
  10. Corporate Tax Returns
    Title X consists of one section. Section 1001 states that the Chief Executive Officer should sign the company tax return.
  11. Corporate Fraud Accountability
    Title XI consists of seven sections. Section 1101 recommends a name for this title as “Corporate Fraud Accountability Act of 2002”. It identifies corporate fraud and records tampering as criminal offenses and joins those offenses to specific penalties. It also revises sentencing guidelines and strengthens their penalties. This enables the SEC to temporarily freeze large or unusual payments.

History and context: events contributing to the adoption of SOX

A variety of complex factors created the conditions and culture in which a series of large corporate frauds occurred between 2000-2002. The spectacular, highly-publicized frauds at Enron (see Enron scandal), WorldCom, and Tyco exposed significant problems with conflicts of interest and incentive compensation practices. The analysis of their complex and contentious root causes contributed to the passage of SOX in 2002.[4] In a 2004 interview, Senator Paul Sarbanes stated:

The Senate Banking Committee undertook a series of hearings on the problems in the markets that had led to a loss of hundreds and hundreds of billions, indeed trillions of dollars in market value. The hearings set out to lay the foundation for legislation. We scheduled 10 hearings over a six-week period, during which we brought in some of the best people in the country to testify...The hearings produced remarkable consensus on the nature of the problems: inadequate oversight of accountants, lack of auditor independence, weak corporate governance procedures, stock analysts' conflict of interests, inadequate disclosure provisions, and grossly inadequate funding of the Securities and Exchange Commission.[5]

Timeline and passage of SOX

The House passed Rep. Oxley's bill (H.R. 3763) on April 25, 2002, by a vote of 334 to 90. The House then referred the "Corporate and Auditing Accountability, Responsibility, and Transparency Act" or "CAARTA" to the Senate Banking Committee with the support of President George W. Bush and the SEC. At the time, however, the Chairman of that Committee, Senator Paul Sarbanes (D-MD), was preparing his own proposal, Senate Bill 2673.

Senator Sarbanes’s bill passed the Senate Banking Committee on June 18, 2002, by a vote of 17 to 4. On June 25, 2002, WorldCom revealed it had overstated its earnings by more than $3.8 billion during the past five quarters (15 months), primarily by improperly accounting for its operating costs. Sen. Sarbanes introduced Senate Bill 2673 to the full Senate that same day, and it passed 97-0 less than three weeks later on July 15, 2002.

The House and the Senate formed a Conference Committee to reconcile the differences between Sen. Sarbanes's bill (S. 2673) and Rep. Oxley's bill (H.R. 3763). The conference committee relied heavily on S. 2673 and “most changes made by the conference committee strengthened the prescriptions of S. 2673 or added new prescriptions.” (John T. Bostelman, The Sarbanes-Oxley Deskbook § 2-31.)

The Committee approved the final conference bill on July 24, 2002, and gave it the name "the Sarbanes-Oxley Act of 2002." The next day, both houses of Congress voted on it without change, producing an overwhelming margin of victory: 423 to 3 in the House and 99 to 0 in the Senate. On July 30, 2002, President George W. Bush signed it into law, stating it included "the most far-reaching reforms of American business practices since the time of Franklin D. Roosevelt." [1]

Analyzing the cost-benefits of Sarbanes-Oxley

A significant body of academic research and opinion exists regarding the costs and benefits of SOX, with significant differences in conclusions. This is due in part to the difficulty of isolating the impact of SOX from other variables affecting the stock market and corporate earnings.[8][9] Conclusions from several of these studies and related criticism are summarized below:

The effect of SOX on non-US companies

Some have asserted that Sarbanes-Oxley legislation has helped displace business from New York to London, where the Financial Services Authority regulates the financial sector with a lighter touch. In the UK, the non-statutory Combined Code of Corporate Governance plays a somewhat similar role to SOX. See Howell E. Jackson & Mark J. Roe, “Public Enforcement of Securities Laws: Preliminary Evidence” (Working Paper January 16, 2007). The Alternative Investment Market claims that its spectacular growth in listings almost entirely coincided with the Sarbanes Oxley legislation. In December 2006 Michael Bloomberg, New York's mayor, and Charles Schumer, a US senator, expressed their concern.[21]

The Sarbanes-Oxley Act's effect on non-US companies cross-listed in the US is different on firms from developed and well regulated countries than on firms from less developed countries according to Kate Litvak.[22] Companies from badly regulated countries benefit from better credit ratings by complying to regulations in a highly regulated country (USA) that is higher than the cost, but companies from developed countries only incur the cost, since transparency is adequate in their home countries as well. On the other hand, the benefit of better credit rating also comes with listing on other stock exchanges such as the London Stock Exchange.

The impact of SOX on foreign listings was also examined by Piotroski and Srinivasan (2008). They compared new foreign listings onto US and UK stock exchanges between 1995 and 2006. They found no impact of SOX on the listing preferences of large foreign firms choosing between US exchanges and the LSE's Main Market. In contrast, they find that the likelihood of a US listing among small foreign firms choosing between the Nasdaq and LSE's Alternative Investment Market decreased following SOX. The negative effect among small firms is consistent with these companies being less able to absorb the incremental costs associated with SOX compliance. This suggests that SOX had a mixed effect on the costs and benefits of a US listing based on characteristics of the foreign companies seeking a listing. [23]

Implementation of key provisions

SOX Section 302: Internal control certifications

Under Sarbanes-Oxley, two separate certification sections came into effect—one civil and the other criminal. 15 U.S.C. § 7241 (Section 302) (civil provision); 18 U.S.C. § 1350 (Section 906) (criminal provision).

Section 302 of the Act mandates a set of internal procedures designed to ensure accurate financial disclosure. The signing officers must certify that they are “responsible for establishing and maintaining internal controls” and “have designed such internal controls to ensure that material information relating to the company and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared.” 15 U.S.C. § 7241(a)(4). The officers must “have evaluated the effectiveness of the company’s internal controls as of a date within 90 days prior to the report” and “have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date.” Id..

The SEC interpreted the intention of Sec. 302 in Final Rule 33-8124. In it, the SEC defines the new term "disclosure controls and procedures", which are distinct from "internal controls over financial reporting".[24]

Under both Section 302 and Section 404, Congress directed the SEC to promulgate regulations enforcing these provisions. (See Final Rule: Management’s Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports, Release No. 33-8238 (June 5,2003), available at http://www.sec.gov/rules/final/33-8238.htm.)

External auditors are required to issue an opinion on whether effective internal control over financial reporting was maintained in all material respects by management. This is in addition to the financial statement opinion regarding the accuracy of the financial statements. The requirement to issue a third opinion regarding management's assessment was removed in 2007.

SOX Section 404: Assessment of internal control

Main article: SOX 404 top-down risk assessment

The most contentious aspect of SOX is Section 404, which requires management and the external auditor to report on the adequacy of the company's internal control over financial reporting (ICFR). This is the most costly aspect of the legislation for companies to implement, as documenting and testing important financial manual and automated controls requires enormous effort.[25]

Under Section 404 of the Act, management is required to produce an “internal control report” as part of each annual Exchange Act report. See 15 U.S.C. § 7262. The report must affirm “the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting.” 15 U.S.C. § 7262(a). The report must also “contain an assessment, as of the end of the most recent fiscal year of the Company, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.” To do this, managers are generally adopting an internal control framework such as that described in COSO.

To help alleviate the high costs of compliance, guidance and practice have continued to evolve. The Public Company Accounting Oversight Board (PCAOB) approved Auditing Standard No. 5 for public accounting firms on July 25, 2007.[26] This standard superseded Auditing Standard No. 2, the initial guidance provided in 2004. The SEC also released its interpretive guidance [27] on June 27, 2007. It is generally consistent with the PCAOB's guidance, but intended to provide guidance for management. Both management and the external auditor are responsible for performing their assessment in the context of a top-down risk assessment, which requires management to base both the scope of its assessment and evidence gathered on risk. This gives management wider discretion in its assessment approach. These two standards together require management to:

SOX 404 compliance costs represent a tax on inefficiency, encouraging companies to centralize and automate their financial reporting systems. This is apparent in the comparative costs of companies with decentralized operations and systems, versus those with centralized, more efficient systems. For example, the 2007 FEI survey indicated average compliance costs for decentralized companies were $1.9 million, while centralized company costs were $1.3 million.[28] Costs of evaluating manual control procedures are dramatically reduced through automation.

SOX 404 and smaller public companies

The cost of complying with SOX 404 impacts smaller companies disproportionately, as there is a significant fixed cost involved in completing the assessment. For example, during 2004 U.S. companies with revenues exceeding $5 billion spent .06% of revenue on SOX compliance, while companies with less than $100 million in revenue spent 2.55%.[29]

This disparity is a focal point of 2007 SEC and U.S. Senate action.[30] The PCAOB intends to issue further guidance to help companies scale their assessment based on company size and complexity during 2007. The SEC issued their guidance to management in June, 2007.[1]

After the SEC and PCAOB issued their guidance, the SEC required smaller public companies (non-accelerated filers) with fiscal years ending after December 15, 2007 to document a Management Assessment of their Internal Controls over Financial Reporting (ICFR). Outside auditors of non-accelerated filers however opine or test internal controls under PCAOB (Public Company Accounting Oversight Board) Auditing Standards for years ending after December 15, 2008. Another extension was granted by the SEC for the outside auditor assessment until years ending after December 15, 2009. The reason for the timing disparity was to address the House Committee on Small Business concern that the cost of complying with Section 404 of the Sarbanes-Oxley Act of 2002 was still unknown and could therefore be disproportionately high for smaller publicly held companies.[31]

SOX Section 802: Criminal penalties for violation of SOX

Section 802(a) of the SOX, 18 U.S.C. § 1519 states:

Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.

SOX Section 1107: Criminal penalties for retaliation against whistleblowers

Section 1107 of the SOX 18 U.S.C. § 1513(e) states:[32]

Whoever knowingly, with the intent to retaliate, takes any action harmful to any person, including interference with the lawful employment or livelihood of any person, for providing to a law enforcement officer any truthful information relating to the commission or possible commission of any federal offence, shall be fined under this title, imprisoned not more than 10 years, or both.

Criticism

Critics of the act such as congressman Ron Paul contend that SOX was an unnecessary and costly government intrusion into corporate management that places U.S. corporations at a competitive disadvantage with foreign firms, driving businesses out of the United States. In an April 14, 2005 speech before the U.S. House of Representatives, Paul stated, "These regulations are damaging American capital markets by providing an incentive for small US firms and foreign firms to deregister from US stock exchanges. A research study published by Joseph Piotroski of Stanford University and Suraj Srinivasan of Harvard Business School titled "Regulation and Bonding: Sarbanes Oxley Act and the Flow of International Listings" in the Journal of Accounting Research in 2008 found that following the act's passage, smaller international companies were more likely to list in stock exchanges in the U.K. rather than U.S. stock exchanges.[33] According to a study by the prestigious Wharton Business School, the number of American companies deregistering from public stock exchanges nearly tripled during the year after Sarbanes-Oxley became law, while the New York Stock Exchange had only 10 new foreign listings in all of 2004. The reluctance of small businesses and foreign firms to register on American stock exchanges is easily understood when one considers the costs Sarbanes-Oxley imposes on businesses. According to a survey by Korn/Ferry International, Sarbanes-Oxley cost Fortune 500 companies an average of $5.1 million in compliance expenses in 2004., while a study by the law firm of Foley and Lardner found the Act increased costs associated with being a publicly held company by 130 percent." [34] In November of 2008, Newt Gingrich and co-author David W. Kralik called on Congress to repeal Sarbanes-Oxley [2].

Praise

SOX has been praised by a cross-section of financial industry experts, citing improved investor confidence and more accurate, reliable financial statements. The CEO and CFO are now required to unequivocally take ownership for their financial statements under Section 302, which was not the case prior to SOX. Further, auditor conflicts of interest have been addressed, by prohibiting auditors from also having lucrative consulting agreements with the firms they audit under Section 206. SEC Chairman Christopher Cox stated in 2007: "Sarbanes-Oxley helped restore trust in U.S. markets by increasing accountability, speeding up reporting, and making audits more independent."[35]

The FEI 2007 study and research by the Institute of Internal Auditors (IIA) also indicate SOX has improved investor confidence in financial reporting, a primary objective of the legislation. The IIA study also indicated improvements in board, audit committee, and senior management engagement in financial reporting and improvements in financial controls.[36][37]

Financial restatements increased significantly in the wake of the SOX legislation and have since dramatically declined, as companies "cleaned up" their books. Glass, Lewis & Co. LLC is a San Francisco-based firm that tracks the volume of do-overs by public companies. Its March 2006 report, "Getting It Wrong the First Time," shows 1,295 restatements of financial earnings in 2005 for companies listed on U.S. securities markets, almost twice the number for 2004. "That's about one restatement for every 12 public companies—up from one for every 23 in 2004," says the report.[38]

Legal challenges

A lawsuit (Free Enterprise Fund v. Public Company Accounting Oversight Board) was filed in 2006 challenging the constitutionality (legality) of the PCAOB. The complaint argues that because the PCAOB has regulatory powers over the accounting industry, its officers should be appointed by the President, rather than the SEC.[39]Further, because the law lacks a "severability clause," if part of the law is judged unconstitutional, so is the remainder. If the plaintiff prevails, the U.S. Congress may have to devise a different method of officer appointment. Further, the other parts of the law may be open to revision.[40] The lawsuit was dismissed from a District Court; the decision was upheld by the Court of Appeals on August 22, 2008.[41] Judge Kavanaugh, in his dissent, argued strongly against the constitutionality of the law, and The Supreme Court of the U.S. is expected to grant certiorari.[42]

Legislative information

See also

Similar laws in other countries

References

  1. 1.0 1.1 Bumiller, Elisabeth (2002-07-31). "Bush Signs Bill Aimed at Fraud in Corporations", The New York Times. 
  2. A Mckinsey & Company study commissioned by NYC Mayor Bloomberg and NY Senator Charles Schumer cites this as one reason that America's financial sector is losing market share to other financial centers around the world. Reference http://www.senate.gov/~schumer/SchumerWebsite/pressroom/special_reports/2007/NY_REPORT%20_FINAL.pdf
  3. Kuschnik, Bernhard; The Sarbanes Oxley Act: "Big Brother is watching" you or Adequate Measures of Corporate Governance Regulation? 5 Rutgers Business Law Journal [2008], 64 - 95; available at http://businesslaw.newark.rutgers.edu/RBLJ_vol5_no1_kuschnik.pdf
  4. Farrell, Greg. "America Robbed Blind." Wizard Academy Press: 2005
  5. Sarbanes Interview
  6. SEC Annual Budget
  7. SEC Levitt Speech The Numbers Game
  8. Five years of Sarbanes-Oxley”, The Economist (2007-07-26). 
  9. Shakespeare, Catharine (2008). "Sarbanes-Oxley Act of 2002 Five Years On: What Have We Learned?". Journal of Business & Technology Law: 333. 
  10. FEI 2007 Survey of SOX 404 Costs
  11. FEI 2006 Survey of SOX 404 Costs
  12. Foley & Lardner 2007 Study
  13. The SOX Debacle
  14. IIA Research SOX Looking at the Benefits
  15. The Effect of Internal Control Deficiencies on Firm Risk and Cost of Capital
  16. Zhang-Economic Costs of SOX
  17. The Effect of the Sarbanes-Oxley Act (Section 404) Management's Report on Audit Fees, Accruals and Stock Returns
  18. Lord & Benoit Report
  19. Benoit WSJ
  20. Piotroski, Joseph D. and Srinivasan, Suraj, Regulation and Bonding: The Sarbanes-Oxley Act and the Flow of International Listings(January 2008). Available at SSRN: http://ssrn.com/abstract=956987
  21. Bloomberg-Schumer report
  22. SSRN-The Effect of the Sarbanes-Oxley Act on Non-US Companies Cross-Listed in the US by Kate Litvak
  23. Piotroski, Joseph D. and Srinivasan, Suraj, Regulation and Bonding: The Sarbanes-Oxley Act and the Flow of International Listings(January 2008). Available at SSRN: http://ssrn.com/abstract=956987
  24. http://www.sec.gov/rules/final/33-8124.htm
  25. See New Center for Data Analysis Report
  26. PCAOB Auditing Standard No. 5
  27. SEC Interpretive Guidance
  28. FEI Survey 2007
  29. SEC Advisory Cmte. Report - See charts on pages 33-34.
  30. Dodd-Shelby Amendment
  31. Sarbanes-Oxley: Progressive Punishment for Regressive Victimization, 44 Hous. L. Rev. 95 (2007)
  32. Stephen M. Kohn, Michael D. Kohn, and David K. Colapinto (2004). Whistleblower Law: A Guide to Legal Protections for Corporate Employees. Praeger Publishers. ISBN 0-275-98127-4
  33. Piotroski, Joseph D. and Srinivasan, Suraj, Regulation and Bonding: The Sarbanes-Oxley Act and the Flow of International Listings(January 2008). Available at SSRN: http://ssrn.com/abstract=956987
  34. Repeal Sarbanes-Oxley! Ron Paul, April 14, 2005
  35. USA Today - SOX Law Has Been a Pretty Clean Sweep
  36. FEI Survey
  37. IIA Study
  38. Glass Lewis Survey of Restatements
  39. http://online.wsj.com/public/resources/documents/PCAOBcomplaint.pdf
  40. Washington Post
  41. PCAOB News Release
  42. http://www.nysun.com/editorials/sell-sarbanes-oxley/84635/ NY Sun Editorial

External links