Based in Denver, CO, Agile Ideation collects the thoughts and experiences of Ed Schaefer. His posts explore agile and devops related topics as he works to maximize team effectiveness and minimize waste through continuous learning, coaching and empowering teams.

Sarbanes-Oxley: Review & Impact


The Sarbanes-Oxley Act (SOX), passed in 2002, was created to increase corporate financial and accounting oversight. Corporate scandals, such as those at Enron and MCI, made it evident new legislation needed to be passed to hold corporations accountable and reduce the potential for such activities to be perpetuated in the future. SOX required sweeping changes in reporting for publically traded companies which has, and will continue to have, negative and positive impacts on corporations. The pros and cons of the impacts are still hotly debated. These impacts will be examined and discussed following a brief summary of the act.

In response to a number of very public corporate and accounting scandals, SOX was enacted July 30, 2002. Public confidence in securities markets was shaken as companies like Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom collapsed and investors lost billions of dollars without warning. As the activities of these companies were examined and better understood, it was clear certain aspects were similar across companies and needed to be addressed and considered as part of the act. These issues include conflicts of interest among auditors, boardroom oversight failures, conflicts of interest among securities analysts, poor banking practices, executive compensation relating to stock options as compensation, issues related to the internet bubble that could happen again, and finally poor rule creation and enforcement by the SEC due to underfunding.

The financial reporting requirements and mandates of SOX are laid out in 11 titles each containing of several sections, summarized here:

I. Public Company Accounting Oversight Board

Title I establishes independent oversight of auditors, forms a centralized oversight board to define procedures for auditing compliance, auditor registration and policing and enforcing compliance with SOX.

II. Auditor Independence

Title II attempts to limit conflicts of interest by introducing standards for external auditors. This title restricts an auditing company from providing audit clients with non-audit services as well as creating requirements for new auditor approval, audit partner rotation and reporting.

III. Corporate Responsibility

Title III attempts to increase confidence in the accuracy and completeness of corporate financial reports by requiring certain senior executives to sign and take individual responsibility every quarter.

IV. Enhanced Financial Disclosures

Title IV details the enhanced requirements for financial reporting. To provide assurance of the accuracy of financial reports and disclosures, internal controls and audits on these controls, are mandated. Reporting requirements for transactions including off-balance-sheet transactions, pro-forma figures and stock transactions of corporate insiders are also covered by this title, as well as timing to report material changes and SEC review requirements.

V. Analyst Conflicts of Interest

Title V creates a code of conduct for security analysts and requirements for disclosure of knowable conflicts of interest to help restore investor confidence in analyst reporting.

VI. Commission Resources and Authority

Title VI also addresses investor confidence in analysts by introducing defined practices including the conditions under which an individual broker, advisor or dealer would be barred from practicing.

VII. Studies and Reports

Title VII specifies the studies and reports the Comptroller General and the SEC must perform. Aspects such as accounting firm consolidation, the impact of credit rating agencies on securities markets operations, securities violations and enforcement, and what role investment banks played in the corporate scandals must be covered when the findings are reported.

VIII. Corporate and Criminal Fraud Accountability

Title VIII establishes certain protections for whistle-blowers while setting standard specific criminal penalties for manipulation, alteration or destruction of financial records and other interference with investigations.

IX. White Collar Crime Penalty Enhancements

Title IX raises the criminal penalties related to white-collar crimes by making failure to certify financial reports a criminal offense and recommending stronger sentencing guidelines for white collar crime.

X. Corporate Tax Returns

Title X states the company tax return should be signed by the Chief Executive Officer of the company.

XI. Corporate Fraud and Accountability

Title XI also relates to sentencing and penalties. This title classifies records tampering and corporate fraud as criminal offenses. Modifications to sentencing guidelines and stronger penalties are also included, giving the SEC the ability to temporarily freeze suspicious transactions.

Measuring the impact of SOX is complicated as other factors that influence the stock market are difficult to isolate and remove. Even with significant analysis and research many different conclusions have been reached in regards to the benefits and costs of SOX thus far as well as into the future. Since the primary concern is the accuracy of financial reporting data, under SOX the importance of IT only relates to its ability to make that reporting more reliable. The negative impact primarily revolves around compliance costs, while the goals of the act itself make up the majority of the benefits.

Compliance with SOX can be very expensive. Multiple research firms have conducted surveys and found significant increases in costs for compliance. Expenses such as internal control costs, accounting fees and higher liability insurance premiums for directors and officers are passed on to customers in the form of higher prices, potentially eliminating any operating profit for small companies. In addition to monetary costs, time and priorities are skewed as employees must be assigned to focus on compliance and additional legal or accounting counsel is hired to ensure the company is not breaking the law. Some critics claim an additional negative impact is small or international businesses not listing stock on a US exchange due to higher costs and compliance requirements.

Researchers have analyzed the impact of the act and determined many of the acts original goals have been met, demonstrating some success. One paper found that corporate transparency for cross-listed firms subject to SOX had increased relative to foreign only listed companies. Other studies have found benefits including more conservative earnings reporting, lower borrowing costs for corporations with improved internal controls and improved internal controls, in general. One study’s findings indicated that companies tend to experience significantly greater increases in share price if there are no significant weaknesses, or issues are corrected quickly, with their internal controls compared to those with problems, even suggesting the increase in share price was greater than SOX compliance costs.

The Sarbanes-Oxley Act is very divisive, making it difficult to determine if the benefits outweigh the costs. No matter the side of the argument, SOX was clearly successful in accomplishing its goal of enhancing the standards for compliance, transparency and accountability. Debate continues to this day, and detractors are one of the biggest potential challenges as the constitutionality of the law has been brought under scrutiny and there has been some pressure to repeal from the financial industry. Perhaps finding a way to simplify compliance without impacting transparency would be an acceptable solution to all.


How Viruses, Worms and Trojans Impact Organizations

Business Continuity Planning (BCP)