What is Sarbanes-Oxley?

The Sarbanes-Oxley Act of 2002 is the most far-reaching legislation affecting financial reporting, disclosure and internal controls since the Securities Act of 1933. For the first time, CEOs and CFOs are required to certify in writing that, not only are their financial disclosures complete and accurate, but that they have enacted “disclosure controls and procedures” to ensure reporting of material information affecting the company. In response to the recent corporate financial scandals involving Enron, WorldCom and others, including their auditing firms, the U.S. Congress has stepped up efforts to rein in corporate malfeasance and restore faith in financial reporting.

The Sarbanes- Oxley Act of 2002 is landmark legislation designed to make public companies more transparent in their financial reporting and more proactive in sharing material information with other participants in the financial reporting chain, which includes auditors, audit committees, analysts and investors.

The Sarbanes-Oxley Act is a complex act with many provisions. The two sections most relevant to public corporations are Sections 302 and 404. Section 302 pertains to disclosure controls and procedures; Section 404 pertains to internal controls and procedures for financial reporting. Section 302 mandates that CEOs and CFOs personally certify financial statements and filings, as well as affirm that they are responsible for establishing and enforcing disclosure controls and procedures at all levels of their corporation.

With each quarterly filing, they must certify that they have evaluated the effectiveness of these controls. In addition, they must disclose to their audit committee all significant deficiencies, material weaknesses, and acts of fraud. Section 404 requires an annual evaluation of internal controls and procedures for financial reporting. Under this section, a corporation must document its existing controls that have a bearing on financial reporting, test them for effectiveness, and report on gaps and deficiencies. Furthermore, the company’s independent auditor must issue a report, to be included in the company’s annual report, that attests to management’s assertion on the effectiveness of internal controls and procedures and financial reporting.

The Sarbanes-Oxley Act also describes other responsibilities. For example, it informs company boards of their responsibilities with respect to the institution of audit committees. It instructs the SEC to create an independent public accounting oversight board (PCAOB) with the express mandate to regulate the conduct of audit firms. Furthermore, it lays down guidelines for conduct of attorneys that represent public corporations before the SEC. For CEOs and CFOs, complying with these new, strict standards is not a matter of choice -- it is the cost of doing business in the new compliance age. For the first time, failure to comply carries the prospect of personal criminal liability. Also, for the first time, the definition of corporate governance is extending from the boardroom to the loading dock, to every investor, taxpayer, customer and employee. Companies will find that their friendly auditors will now take a firm stand on doing everything “by the book” because their livelihood is now at stake.