What is the Sarbanes-Oxley Act of 2002? An overview
|Image credit: Leigh Goessl|
The law impacts all businesses that are publicly traded and fall under the jurisdiction of the U.S. Securities and Exchange commission; essentially any company that trades on any U.S. stock exchange. Additionally, businesses that generate $75 million in market capital must also comply with SOX. Even companies that operate off U.S. soil are not exempt from SOX. If a foreign company operating and residing outside of the U.S. is listed on American stock exchanges, they too must comply with SOX provisions.
There are several sections of SOX that have had a significant impact on businesses, financially and procedural. Due to the constraints SOX has placed on businesses, doing an overhaul of accounting procedures and the documentation process has been a significant burden, but one that must be carried in order to remain compliant with the law. Here is a rundown of the major sections of the Sarbanes-Oxley Act and what it means for businesses who are obligated to comply:
Section 302This section of SOX relates to corporate responsibility and management's role in this process. As a result of this portion of the law, executive management must take on the burden of compliance because they will be accountable for any reporting that is done. Essentially, because of Section 302, executive management cannot pass the proverbial buck because they are held accountable. The signing officer must review the report, feel confident that to his or her own personal knowledge there are no incorrect or misrepresented information, or deliberate omissions.
Section 401In accordance with SOX, "Financial statements are published by issuers are required to be accurate and presented in a manner that does not contain incorrect statements or admit to state material information" (www.soxlaw.com). What this means is any financial statements generated must include off-balance sheet liabilities, obligations or transactions.
Section 404Perhaps the most well-known section and one with the most long-reaching consequences of SOX is Section 404. This section of SOX stipulates that affected companies must create internal controls on reporting and also conduct external audits which will determine whether or not the established internal controls are adequate and meet the requirements of SOX.
While technology is not exactly denoted in this section of SOX, it is pretty much a given that a company's technology is really what Section 404 is all about. Automated and computer systems are a large part of operations and accounting procedures. Companies must ensure their internal controls are sufficient enough to preserve the accuracy, integrity and security of any collected or generated data.
Section 409This section of SOX requires that companies are "required to disclose to the public, on an urgent basis, information on material changes in their financial condition or operations" (www.soxlaw.com). When this information is released, it must be written so the layman can understand it and supported by any supplemental information (such as graphics and charts) that would help the public understand what is being communicated.
Section 802Section 802 clearly outlines the penalties and fines associated with fraudulent or misrepresentation in financial reporting. This includes falsification, concealment, destruction, altering, or any other action that was taken with the intent to obstruct or interfere with a legal investigation.
The Sarbanes-Oxley Act of 2002 has had a significant impact on those companies impacted and has thoroughly become integrated as a part of overall corporate governance.
The good news is that despite the burdens associated with SOX, businesses can use this law to gain a competitive advantage. Generally, all businesses today use IT as a part of their strategy and since SOX is so closely entwined with technology (particularly Section 404), companies can connect their businesses strategies to compliance and use the technologies associated with controls to meet dual purposes; this can be both a good strategy and cost-effective.
SOX seemingly is here to stay, and companies that do not comply end up suffering large consequences. Businesses are better off looking for ways to link compliance with an overall strategy and enjoy the natural benefits that can result from corporate governance and observance of the Sarbanes-Oxley Act.