Sarbanes-Oxley Act of 2002

Let’s discuss the Sarbanes-Oxley Act of 2002. In the early 2000s, corporate fraud was rampant. Companies were manipulating their financial figures, prompting Congress to pass the Sarbanes-Oxley Act of 2002. This act essentially outlines rules that public companies must follow when reporting their financial statements, along with the punishments for non-compliance.

The Sarbanes-Oxley Act primarily pertains to public companies. The Act influenced multiple aspects of these companies, notably their internal controls, which now require an audit. The CEO and CFO are mandated to provide written representations in the financial statements, assuming responsibility for the reported figures. Penalties for non-compliance were increased, and whistleblower protections were enhanced, creating a safer environment for employees reporting fraudulent acts.

Let’s delve into each aspect of how the Sarbanes-Oxley Act revolutionized the accounting world. As previously mentioned, the Act primarily targets public companies, also referred to as issuers. The Act also applies to private companies but to a lesser degree.

The Sarbanes-Oxley Act consists of various sections, like Section 3, focusing on corporate responsibility, and Section 11 which discusses corporate fraud accountability. However, for our discussion, we will categorize everything by topic instead of by section, so there’s no need to memorize specific sections.

One section we will spotlight is Section 404, dealing with the audit of internal controls. The first significant requirement of Sarbanes-Oxley is Section 404, which requires public companies to have their internal controls audited every year (along with their financial statement audit). When an auditor conducts an audit of a public company, they scrutinize two primary areas: the actual financial statements and disclosures, and the company’s internal controls.

The requirement for auditing internal controls was introduced by Section 404, necessitating auditors to test a company’s internal controls and issue an opinion on them. The rationale behind auditing internal controls is straightforward: without effective internal controls, how can stakeholders trust the figures in the financial statements? If an accountant can manipulate figures because no one is reviewing their work, the question arises: how can investors trust those numbers?

Now, let’s consider the responsibilities placed on CEOs and CFOs as a result of the Act. In the financial statements, the CEO and CFO are required to include a signed statement. This statement exhibits their responsibility for the financial statements, ensuring that if any issues arise with the financial statements, they cannot claim ignorance or lack of involvement.

This signed statement includes affirmations such as:

• They are responsible for establishing and maintaining controls

• They have designed effective internal controls

• They have reasonable assurance that the financial statement figures are accurate

• Any issues with the internal controls have been appropriately communicated to the

  auditors and audit committee

• To their knowledge, the financial statements do not contain any false statements

   to their knowledge

• The financial statements fairly represent, in all material respects, the financial

   condition of the company

Now that we’ve discussed the signed statements, let’s consider a few other ways that Sarbanes-Oxley influences the executives of a company. One such way relates to bonuses paid to executives. If executives receive a bonus based on the financial statements, but those statements had to be restated due to inaccurate reporting, the executives would then be required to return their bonus. This discourages misstating the financial statements to obtain a larger bonus. Also, the executives and board of directors cannot take out loans from the company.

Now, let’s discuss how Sarbanes-Oxley influenced the way a company has to report its financial statements. The required disclosures as a result of Sarbanes-Oxley include footnotes on operating leases, contingent obligations, and relationships with unconsolidated subsidiaries. These are items that companies were not previously mandated to report in their footnotes. For example, a contingent obligation is a liability that an organization might have in the future, but it’s not certain. Because of Sarbanes-Oxley, an organization now needs to write a footnote to explain this potential liability.

We previously mentioned that due to Sarbanes-Oxley, auditors had to begin auditing the company’s internal controls and issue a report on their effectiveness (Section 404). There were also several other changes to the audit process.

The first one is that auditors are now mandated to retain paperwork for public companies for seven years. This way, if any issues arise, they can revisit their work papers.

The next requirement is that the lead audit partner must rotate off an engagement every five years. This prevents the lead audit partner from becoming too close to the company’s five years. This prevents the lead audit partner from becoming too close to the company’s

Sarbanes-Oxley also increased the requirements of a company’s audit committee, a committee specifically dedicated to the company’s audit process. The audit committee is responsible for selecting the external auditing company that will perform the audit and determining the company’s remuneration. Who comprises the audit committee? The audit committee only includes individuals already part of the company’s board of directors. Alongside having only members from the board of directors, the audit committee must have at least one financial expert. At least one person on the audit committee must be a financial expert.

If this committee is making significant decisions about the company’s audits, then it needs at least one person who understands accounting. The definition of a financial expert could encompass several types of experience, including experience in internal controls, experience with GAAP, experience on other audit committees, or experience with auditing financial Statements.

In addition to these requirements, the individuals on the audit committee must be independent, which means they can’t receive consulting fees from the company. Since they’re directing the auditing process, they should be as free from bias as possible.

A critical part of Sarbanes-Oxley is the creation of the Public Company Accounting Oversight Board, known as the PCAOB. The PCAOB is a nonprofit corporation responsible for overseeing the auditing process of public companies. The PCAOB helps establish new standards allowing for more accurate reporting. It also inspects audits to ensure they’re conducted correctly. Essentially, the PCAOB provides accountability for the auditing industry to ensure that financial statements are being accurately reported.

Every time a new auditing firm plans to audit public companies, it must register with the PCAOB. The Securities and Exchange Commission (SEC) has authority over the PCAOB; therefore, when the PCAOB seeks to initiate new rules and standards, the SEC must approve them. And when it comes to prosecuting criminal violations, the SEC handles prosecution and fines. The PCAOB does not possess the legal authority to prosecute criminal violations.

Now, let’s discuss the miscellaneous impacts of Sarbanes Oxley. First, it offers protection to whistleblowers. Whistleblowers are employees who inform authorities about wrongdoing within their organization. The safer whistleblowers feel, the more likely they are to report the misconduct instead of concealing it. When a whistleblower reveals wrongdoing, they cannot be punished by the organization they work for; thus, they can’t be fired or discriminated against.

Next, companies should implement a written code of conduct for their senior members to encourage more ethical behavior. Lastly, individuals with at least 10% ownership of a company must submit certain disclosures. These disclosures aid in providing transparency regarding who owns a company.

As mentioned earlier, before Sarbanes-Oxley, wrongdoers were not sufficiently punished. Sarbanes-Oxley implemented more severe penalties for several types of misconduct. These  punishments involve either a fine and/or imprisonment. Wrongdoers could be sent to prison for what they did.

Recall how the CEO and CFO have to certify several elements in the financial statements, like the effectiveness of internal controls. If they knowingly or willfully make a false certification, they could face up to $5 million in fines and/or up to 20 years of imprisonment. If someone attempts to manipulate information involved in an investigation, such as destroying documents, they could face up to 20 years in prison. If someone commits securities fraud, they could face up to 25 years in prison.