Sarbanes Oxley

A brief summary of the Sarbanes Oxley Act of 2002 is hard to come by. With 90 sections and 300 laws in all, it’s quite a lot to sift through for company manager trying to make sense of it—much less implement the vast selection of requirements put forth.

Nevertheless, developing an understanding of this complex legal document is crucial to the health of a corporation. If for no other reason, compliance with Sarbanes Oxley (or SOX) can help to keep the heads of employees, executives and other interested parties well above water. Indeed, in summarizing the Sarbanes Oxley Act, it is necessary to understand that those who do not fall in line with the requirements face stiff penalties including huge fines and up to 20 years prison time.

The Sarbanes Oxley Act, in summary, requires that corporations maintain much better financial records than were required in the past. It requires companies to actually establish a system of internal controls by which financial reporting takes place. It then requires managers to prepare quarterly statements assessing the strengths and weaknesses of these controls, and furthermore forces an outside accounting agency to do provide an independent assessment of the in-house auditing controls, and to report any flaws which may indicate sloppy—or fraudulent—practices taking place.

As a part of financial reporting under SOX, record keeping is a major point of interest. When crafting this piece of legislation, federal lawmakers made sure that corporations would be required to maintain records—both paper and electronic—for a minimum of five years. For an age in which an increasing number of transactions and reporting have become electronic, Sarbox has placed a heavy strain on IT departments, email archiving specialists and Sarbanes Oxley software developers.

Another major provision of the SOX Act is the protection of whistle blowers. Before it was enacted in 2002, the law was much less stern in explicitly regulating against the threatening or harassment of individuals who leak information about malfeasance from the inside. Now, there are special penalties for corporate staff who transgress in this area.

Sarbanes Oxley Act Section 404

While the new, far-reaching regulations of the Sarbanes Oxley Act have unleashed a chorus of complaint among business leaders, accounting firms and IT professionals throughout the corporate United States, there is precisely one stipulation which has gotten more than its fare share of invective.

It’s called Section 404 of the Sarbanes Oxley Act, and it is important to note that, coming from a federal law with over 300 distinct points of regulation, it is no small feat for a single section to have received such notoriety.

But what, exactly, is it about Sarbanes Oxley Section 404 that makes it so contentious? In order to better understand Section 404 of the Sarbanes Oxley Act, the following summary lists the precise requirements of the section.

Essentially, there are four main must-do’s of financial reporting that lawmakers put forth in Section 404 of the Sarbanes Oxley Act, which is also called “Management Assessment of Internal Controls.” Much to the chagrin of those in charge of implementing these requirements, each one of these has proven to be quite a chore, requiring extensive workforce training, software implementation and coordination with outside auditors. Section 404 requires that:

• Managers prepare a statement that outlines the corporate leadership’s responsibility for the creation and administration of an in-house control structure and financial reporting procedures.
  
• Managers also prepare a separate statement that maps out the process by which they come up with the self-evaluation of internal controls.
  
• Management draw up yet another assessment of how effective their internal financial reporting controls have been upon the completion of each fiscal year.
  
• The corporation’s auditors prepare what is called an “attestation” on how good the company’s own assessment of financial reporting really is. Moreover, the auditor must point out any and all weaknesses in any part of the above listed procedures, as these could potentially indicate fraudulent activity—or at least noncompliance with SOX—on the part of the company.

Sarbanes Oxley Legislation

It is important to understand that Sarbanes Oxley legislation was pushed through congress and signed into law in a time of strained nerves, politically and economically. The United States had recently suffered a spate of dramatic corporate scandals (think Enron, WorldCom) and the very core of investor confidence was being threatened.

Something needed to be done, and fast.
The solution—in the form of Sarbanes-Oxley legislation made law in 2002—has since raised the ire of American business professionals and Corporate America due to the fact that the cost of Sarbanes-Oxley compliance measures has proven to be extremely costly, not to mention provocative of an extreme collective headache brought about by the extensive time and coordinate requirements for meeting compliance measures.

Nevertheless, the law is not being ignored by federal regulators, and therefore companies are scrambling to comply. One of the major stipulations of Sarbanes Oxley legislation has been the creation of a new board to oversee how companies and management carry out the specific requirements. While administered by the Securities and Exchange Commission (SEC), the legislation for Sarbanes Oxley has designated the creation of the Public Company Accounting Oversight Board. Specifically mandated to monitor the actions of accounting companies, the PCOAB (as it is called) makes sure that many of the requirements of Sarbanes Oxley legislation are followed through.

While the initial thought behind the legislation that turned into Sarbanes Oxley law was the simple improvement of accountability among managers in their relation to investors holding company stock, the troubled times in which SOX legislation took root worked to create a virtual behemoth of regulation. With more than 90 sections and 300 distinct legal requirements, Sarbox legislation is so far reaching that many are beginning to wonder whether the costs of implementation are actually amounting to significant relative benefit.

Yet while this may be speculated upon for years to come, one fact remains: the consequences for noncompliance are drastic, involving heavy financial penalties and even up to 20 years in prison.

Sarbanes Oxley Requirements

With well over 90 different sections and 300 separate legal stipulations, the requirements set forth by the Sarbanes Oxley Act of 2002 can seem like a lot at first glance—and, most likely, the second and third glance as well. In fact, experts who’ve spent plenty of time pouring over this piece of legislation still agree that the requirements of Sarbanes Oxley are, in a word, complex.

Some of the most audible complaints, however, arise from the business managers who are faced with the daunting task of implementing a long list of Sarbanes Oxley requirements. Yet following the alternative route—not complying—can lead to heavy penalties and prison time.

That’s why it is highly important for managers and accountants in charge of internal controls and financial reporting to develop a definite understanding of Sarbanes Oxley requirements. Note that the implementation of the requirements outlined by Sarbanes Oxley is, in practice, a precise methodology that must be administered properly if it is to pass muster before an audit by the Securities and Exchange Commission (SEC), the federal agency that is responsible for administering this law, and the Public Company Accounting Oversight Board (PCAOB), set up by Sarbanes Oxley legislation in order to monitor auditing activities.

As one major component of stepping in line with Sarbanes Oxley requirements, training is therefore necessary in order to effectively carry out the long list of must-do’s involved. In addition, numerous software providers have rolled out advanced programs that specialize in the automation routine compliance measures.

Indeed, training and compliance software are crucial to finding the most cost-effective way of becoming Sarbanes Oxley compliant, and, as mentioned earlier, lack of compliance with Sarbanes Oxley requirements can pose a dangerous risk to corporate managers.