Section 403 amends
Section 16(a) of the SEC Act to require that any Form 4 be filed before the
end of the second business day following a change in stock ownership. Previously, Form 4 was due the tenth day of the month following the
transaction. [3] Additionally, all transactions between officers, directors, and the
issuer that were Sarbanes-Oxley Act of 2002 previously exempt from short-swing profit recovery under the
16b-3 rule of the SEC Act and were eligible for deferred reporting on Form 5
must now be reported on Form 4 within two days of the execution date of the
transaction (SEC Release, 2002). Sarbanes-Oxley contains mandates regarding the establishment of payroll system controls.

The Sarbanes-Oxley Act of 2002 was bought into enactment on the back of multiple corporate financial scandals in the early 2000’s. Since then, all public companies are now required to create and implement processes that report to SEC compliance. Section 101–109, codified 15 U.S.C. §§ 7211–7220 with amendments to various sections of the Securities Act, created the Public Company Accounting and Oversight Board (PCAOB) to oversee public audit companies and promulgate auditing standards to ensure quality reporting and independent auditing. Supreme Court in PCAOB v. Free Enterprise Fund found the PCAOB removal provision—that the President may not remove a PCAOB commissioner but may only influence their tenure through the SEC commissioners, whom the President can only remove for cause, who may remove PCAOB commissioners only for cause—to be unconstitutional. However, the Court only severed the provision requiring the SEC to have cause to remove PCAOB commissioners, leaving PCAOB intact.

The Core Objectives of SOX:

A number of provisions of the Act also apply to privately held companies, such as the willful destruction of evidence to impede a federal investigation. Section 404 deals with “Management Assessment of Internal Controls” and requires companies to publish details about their internal accounting controls and their procedures for financial reporting as part of their annual financial reports. Section 404 requires corporate executives to personally certify the accuracy of their company’s financial statements and makes them individually liable if the SEC finds violations. Disclosure requirements
on public companies have become more stringent under the Act. Effective
immediately public companies must promptly disclose information on material
changes in their financial conditions or operations on a rapid and current
basis (Section 409).

It prohibits accounting firms from doing business consulting with the companies they are auditing. They can still act as tax consultants, but the lead audit partners must rotate off the account after five years. The U.S. Congress passed the Sarbanes-Oxley Act of 2002 to help protect investors from fraudulent financial reporting by corporations. Its purpose was to “enhance corporate responsibility, enhance financial disclosures, and combat corporate and accounting fraud.”  In addition, the new law created the “Public Company Accounting Oversight Board” to oversee auditors (United States Securities and Exchange Commission, n.d.). The rules of professional responsibility for attorneys appearing and practicing
before the SEC have also been amended.

A company’s workforce, salaries, benefits, incentives, paid time off, and training costs must be painstakingly accounted for under Section 404 of Sarbanes-Oxley. SOX requires certain employers to adopt an ethics program that include a codified code of ethics, a communications plan, ans staff training. Whistleblowers can play an important role in helping the SEC identify and prosecute violations of Sarbanes-Oxley or other provisions of federal securities laws. Whistleblowers can, however, experience challenges as cases proceed through the enforcement process, which can often be lengthy and complicated.

Costs to Businesses

The result is not only shareholder protection, the official purpose of the act, but also enhanced shareholder value. Besides the financial side of a business, such as audits, accuracy, and controls, the SOX Act of 2002 also outlines requirements for information technology (IT) departments regarding electronic records. The act does not specify a set of business practices in this regard but instead defines which company records need to be kept on file and for how long. The standards outlined in the SOX Act of 2002 do not specify how a business should store its records, just that it’s the company IT department’s responsibility to store them. Section 302 pertains to “Corporate Responsibility for Financial Reports.” It established, in part, that CEOs and CFOs must review all financial reports and that the reports are “fairly presented” and don’t contain misrepresentations. This section also established that CEOs and CFOs are responsible for internal accounting controls.

Corporate leaders also voiced concerns that meeting the regulations laid out in the Sarbanes-Oxley Act would take too much executive time and that compliance costs would amount to an exorbitant amount of money. The Act had critics from the start, including many executives who felt they were unfairly burdened by new regulations due to the dishonest and negligent acts of a few others. In 2008, Newt Gingrich blamed the financial crisis on the Act, citing it as the reason for a low number of initial public offerings, and asked Congress to repeal the Act. It may have convinced some businesses to use private equity funding instead of using the stock market. It turns out that Enron was using fraudulent accounting practices to hide its liabilities and debts in offshore companies to boost its “profits.” 1.This includes foreign firms that perform audit work for a foreign subsidiary
of a U.S. parent.

Sarbanes Oxley Act

I am surprised that the Sarbanes–Oxley Act, so rapidly developed and enacted, has functioned as well as it has … the act importantly reinforced the principle that shareholders own our corporations and that corporate managers should be working on behalf of shareholders to allocate business resources to their optimum use. Clearly not all of the Titles are relevant to a company concerned with SOX compliance. The relevant titles from a compliance perspective are Titles 3, 4, 8, and 9.

Sarbanes-Oxley also created the Public Company Accounting Oversight Board (PCAOB), a non-government organization to oversee the public accounting profession and audits of public companies. All of this takes a lot of work on the part of companies, and many look for help doing it. One organization that offers resources is the Committee of Sponsoring Organizations of the Treadway Commission, or COSO. Formed in 1985 to help fight corporate fraud, COSO has for years maintained a framework for internal controls that companies can follow in order to implement best anti-fraud practices. The most recent revision, which dates from 2013, specifically outlines how it can help you achieve Sarbanes-Oxley compliance.

SOX Compliance

Since many of the SOX requirements are good business practices whether or not the company is subject to mandatory compliance, there’s little downside to getting a head start. Private companies must also adopt SOX-type governance and internal control structures. They will also face higher insurance premiums and greater civil liability. These would create a loss of status among potential customers, investors, and donors. Sarbanes-Oxley requires GSK to have a code of ethics “applicable to its Principal financial officer and controller or Principal accounting officer, or persons performing similar functions”.

• It’s a compliance audit done by a neutral third party to verify financial statements of a company and how they were created.
• The officers must “have evaluated the effectiveness of the company’s internal controls as of a date within 90 days prior to the report” and “have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date”.
• Section 404, codified 15 U.S.C. § 7262, which requires management to establish adequate internal control structure and procedures for financial reporting.
• The Sarbanes-Oxley Act of 2002 was bought into enactment on the back of multiple corporate financial scandals in the early 2000’s.

On June 25, 2002, WorldCom revealed it had overstated its earnings by more than $3.8 billion during the past five quarters (15 months), primarily by improperly accounting for its operating costs. Senator Sarbanes introduced Senate Bill 2673 to the full Senate that same day, and it passed 97–0 less than three weeks later on July 15, 2002. Federal lawmakers enacted the Sarbanes-Oxley Act in large part due to corporate scandals at the start of the 21st century. Many thought that Sarbanes-Oxley was too punitive and costly to put in place.

What happens if a company doesn’t comply with Sarbanes-Oxley?

In certain
situations, the SEC may make exceptions to these requirements, and again, it
is likely that the SEC will issue further guidance regarding this requirement. The
civil certification is very similar to the SEC�s proposed regulations of
June 2002, and it is likely that the latter will be revised to conform to The
Act. It is anticipated that the
SEC will provide interpretative guidelines to help better understand this
certification. In addition to the above, it’s worth considering the use of Sarbanes Oxley software. SOX compliance software can help with tracking data, flagging potential problem areas, and generating reports.

In order to maintain these benefits, however, Blair reinforces that each company’s culture needs to prioritize these ethical values. In addition, audit inspections are now conducted via the PCAOB when they were previously conducted by auditor peers. The most infamous edict within SOX lies in section 404, according to Reese Blair ’98, audit partner at Deloitte. Section 404 is a mere 180 words long, but still manages to be split into three parts, each of which sent shockwaves through the business world. IT IS ORDERED that the Commission hereby determines that the PCAOB has satisfied the requirements of Section 101(d) of the Act. RSI security has a more in-depth look at what you need to do when facing a Sarbanes-Oxley compliance audit that has lots of great details.

Sarbanes–Oxley Section 404: Assessment of internal control

Research analysts who criticize investment-banking clients of firms are also afforded protection
from retaliation by Wall Street investment firms. Effective immediately, it will be unlawful for an issuer to extend
credit directly or indirectly, including through a subsidiary to any
director or executive officer. This includes extending, modifying, or renewing any personal loan to a director or
officer (Section 402). Consumer
credit companies will be permitted to make home improvement and consumer
credit loans and issue an extension of credit under an open-end credit plan or
charge card as long as it is done in the ordinary course of business and on
the same terms and conditions made to the general public.

The best way to see the effectiveness of the PCAOB’s oversight is through restatements, says James Kaiser ’79, former PCAOB board member. Financial restatements are made when a company needs to revise one or more of their previous financial statements to correct an error. Since the appointment of its board members, the PCAOB has undertaken many actions to demonstrate its readiness to carry out the requirements of the Act. For example, it has hired or substantially completed the hiring process to fill, on a permanent or acting basis, a majority of its key positions, including the Director of Registration and Inspections and the Chief Auditor.

• The first year of implementation was costly and onerous, far more so than companies had been led to expect.
• Independent auditors did their fair share of adapting to SOX’s new guidelines as well.
• Under Sarbanes–Oxley, two separate sections came into effect—one civil and the other criminal.
• If a member of the audit
  committee is not a �financial expert,� then an explanation as to why not will
  have to be provided (Section 407).
• To do this, managers are generally adopting an internal control framework such as that described in COSO.
• The Sarbanes-Oxley Act was passed by Congress to curb widespread fraudulence in corporate financial reports, scandals that rocked the early 2000s.

Passed in 2002 in the wake of a series of corporate scandals and the bursting of the dot-com bubble, Sarbanes-Oxley imposed a number of reporting, accounting, and data retention mandates to ensure that business practices at big companies remain above board. Section 404 of the SOX Act of 2002 requires that management and auditors establish internal controls and reporting methods to ensure the adequacy of those controls. Some critics of the law have complained that the requirements in Section 404 can have a negative impact on publicly traded companies because it’s often expensive to establish and maintain the necessary internal controls.