What Is the Sarbanes-Oxley Act (SOX)?
REtipster does not provide legal advice. The information in this article can be impacted by many unique variables. Always consult with a qualified legal professional before taking action.
A Brief Background of the SOX Act
Financial reporting used to be largely unregulated, which allowed dishonest companies to mislead investors. For example, the Enron Corporation figured in one of the country’s largest corporate fraud scandals in history due to deceptive financial reporting.
Consequently, the incident prompted investors to look into the finances of other publicly traded companies, uncovering a flurry of similar, fraudulent practices. As a result, the United States Congress passed the Sarbanes-Oxley Act of 2002 to protect investors against similar incidents.
What Does the SOX Act Do?
The SOX Act increases the standard for financial reporting. It regulates corporate accounting, specifically for publicly traded companies, companies preparing for an IPO, accounting firms working with SOX-compliant companies, and subsidiaries of foreign companies operating in the U.S. that hold equity or debt with the Securities and Exchange Commission.
It maintains, enforces, and enhances disclosure requirements for publicly traded companies, including relevant off-balance items, leases, or special arrangements and entities. The SOX Act outlines how these requirements must be submitted using a universal format or standard, like the generally accepted accounting principles (GAAP) or the international financial reporting standards (IFRS). The SOX Act also requires these companies to report the buying and selling of stocks to the SEC.
Penalties for non-compliance include up to $1 million in fines, 10 years in prison for an accidental mistake in certification, and up to $5 million and 20 years’ imprisonment if a fraudulent certification was purposely signed off. Additionally, the SEC’s Public Company Accounting Oversight Board may investigate companies suspected of violating the SOX Act by doing random reviews and releasing their findings to the public.
In 2020, a new amendment was passed aimed at exempting small public companies from SOX auditing requirements. This addition meant that companies with yearly revenue of under $100 million and a public float (stocks or shares held by public investors) of under $700 million may cut down on related costs.
Private and exempted companies can choose not to comply with these regulations but are encouraged to do so to elevate their trustworthiness.
Provisions of The SOX Act
The SOX Act is composed of 11 sections (also known as titles) that encompass security, financial reporting, and other areas of corporate data management. Listed below are some of the major provisions related to the financial and auditing requirements of the act.
Section 302: Corporate Responsibility for Financial Reports
This section requires signing officers and senior executives to ensure financial data is accurate and reports do not omit key information. In addition, signing officers are responsible for establishing and maintaining internal policies that ensure the company and its employees do not commit fraud or other unethical business practices. This makes high-level executives accountable for misrepresented data.
Section 404: Management Assessment of Internal Controls
This section emphasizes the requirement of implementing appropriate internal controls within the company.
Unlike Section 302, which is concerned with how internal controls affect accuracy, Section 404 focuses on the qualitative aspects. Section 404 requires the disclosure of how the company maintains its policies for the accurate and ethical reporting of financial figures, giving public investors an insight into accounting and other related procedures.
The external auditor is also involved in assessing the management’s ability to maintain adequate internal controls.
Section 802: Criminal Penalties for Altering Documents
Any form of document alteration—whether concealing, mutilating, destroying, or falsifying—is prohibited by the SOX Act, and this section describes the appropriate penalties for these offenses. Accountants and auditors are not exempt from these penalties.
This section also describes record-keeping protocols, including the ownership of audits, reviews, and electronic communications. In conjunction, Section 902, which covers the Attempts & Conspiracies to Commit Fraud Offenses, also imposes penalties upon employees or executives that attempt to commit punishable actions based on the provision.
Section 806: Protection for Employees of Publicly Traded Companies Who Provide Evidence of Fraud
Section 806 shields employees that expose fraudulent activities within their company, particularly in three areas of concern: shareholder fraud, securities or federal fraud, and a direct violation of any SEC provision. In addition, companies that attempt to negatively reciprocate the whistleblower’s actions may be subject to criminal charges.
Benefits of The SOX Act
The SOX Act protects investors’ interests, as it ensures that the financial reports disclosed by companies represent factual numbers. As a result, investors can more confidently make business decisions based on their financial analysis. For instance, an investor may choose to pull out of a company that fails to report portfolio changes in their off-balance sheet. While the comprehensive reports required by the law are more costly to companies, the process has its merits.
Simply put, the SOX Act keeps companies vigilant and encourages executives to optimize their internal documentation processes, work with a reputable accounting and auditing firm, and implement measures that ensure reporting accuracy. These efforts not only appease investors but also prevent the company from unintentionally releasing erroneous reports.
The SOX Act in Practice
One of the biggest challenges of SOX Act compliance is the cost of implementation. A survey by Protiviti across 468 audit and finance leaders revealed public businesses with one to three locations were spending over $657,000 per year in SOX compliance, while those with over 12 locations were paying upward of $1.5 million.
Apart from high costs, companies are also spending a significant amount of time on SOX compliance procedures, cooperating with inspections from the Public Company Accounting Oversight Board, and aligning with updated accounting standards despite the availability of advanced technology.
As a result, it is challenging for small-scale IPOs and debt IPOs to afford compliance, forcing some companies to delay going public.
Despite these drawbacks, the SOX Act has become one of the most important transformative forces in corporate America. The act has boosted investor confidence over the years, and as vigilance has become a requirement among every aspect of the reporting chain—from executives and auditors to employees—reporting accuracy has become a natural part of operations.
In the context of real estate investments, the accuracy of financial reports has more implications than just a simple profit and loss statement. For example, real estate investors who invest in real estate investment trusts (REITs) can see growth trajectories and judge whether the REIT is profitable or not. The SOX Act guarantees that these reports are factual and accurate.
- The Sarbanes-Oxley Act (SOX) addresses and regulates the accuracy of financial reporting.
- This act empowers the Securities and Exchange Commission to penalize companies who misrepresent the state of their finances, ultimately protecting investors from fraud and other deceptive practices.
- The SOX Act guarantees that any statement regarding the performance of a publicly traded company is factual and honest, allowing investors the opportunity to invest without fear of deception.
- Kibler, T. (2019.) The Enron Corporation: A Tale of Corporate Fraud, Conspiracy, and Corruption. The HeinOnline. Retrieved from https://home.heinonline.org/blog/2019/12/the-enron-corporation-a-tale-of-corporate-fraud-conspiracy-and-corruption/
- The United States Congress. (2002). H.R.3763 – 107th Congress: Sarbanes-Oxley Act of 2002. Retrieved from https://www.congress.gov/bill/107th-congress/house-bill/3763
- Sarbanes-Oxley 101. (2021.) Sarbanes-Oxley FAQ. Retrieved from https://www.sarbanes-oxley-101.com/sarbanes-oxley-faq.htm
- Public Company Accounting Oversight Board. (n.d.) PCAOB Inspection Procedures: What Does the PCAOB Inspect and How Are Inspections Conducted? Retrieved from https://pcaobus.org/oversight/inspections/inspection-procedures
- Smith, Gambrell, & Russell. (2020.) Small Public Companies to Cut Audit Costs Following New SEC Rule Limiting Auditor Attestation. Retrieved from https://www.sgrlaw.com/client-alerts/small-public-companies-to-cut-audit-costs-following-new-sec-rule-limiting-auditor-attestation/
- Lutkevich, B. (2020.) Sarbanes-Oxley Act. TechTarget.Retrieved from https://searchcio.techtarget.com/definition/Sarbanes-Oxley-Act
- Cohn, M. (2017.) SOX compliance still costs companies heavily. Retrieved from https://www.accountingtoday.com/news/sox-compliance-still-costs-companies-heavily
- Cohn, M. (2019.) SOX compliance hours on the rise, despite technology. Retrieved from https://www.accountingtoday.com/news/sarbanes-oxley-compliance-hours-on-the-rise-despite-technology
- Bertsch, K., Fornelli, C., Peters, S.J., et. al. (2017.) Sarbanes-Oxley: Don’t mess with success. The Hill. Retrieved from https://thehill.com/blogs/congress-blog/economy-budget/343402-sarbanes-oxley-dont-mess-with-success