The United States’ corporate sector has witnessed a number of serious ethical malpractices in the last decade. It is against this backdrop that the U.S Congress enacted the Sarbanes Oxley Act , commonly referred to as SOX to address ethical issues in the corporate sector. Although some provisions of SOX are poised to be replaced by the Congress, it is worthy to note some of the salient reforms brought about by the law. For the first time, SOX offered anti-retaliatory provision to safeguard whistleblowers that unraveled financial and accounting malpractices committed by their employers (Rapp, 2007, p.92; Ramirez, 2007, p.183).
There are a number of corporate issues covered under SOX but which could be resolved voluntarily. For example, Auditor Independence is a statutory code of ethics contained within COX. According to this statutory code of ethics, accounting companies that audit publicly traded companies are prohibited from carrying out the following consulting services on behalf of the firms they audit:
- Actuarial services
- Secretarial and other services associated with financial statements or accounting records on behalf of the audit client.
- Outsourcing internal audit services.
- Creating and implementing financial information systems of the audit client.
- Administrative roles and human resources.
- Dealer/broker, investment banking services, and investment consultant.
- Valuation and appraisal services, contribution-in-kind reports, and fairness opinions.
- Expert and legal services not related to the audit (Jennings, 2012, p.213).
Consequently, a significant portion of the SOX reforms lends credence on structural instruments designed to promote efficient corporate governance, managerial responsibility as well as financial market authenticity (Rapp, 2007, p.108; Cobb, 2004, p.48). What’s more, the Act addresses issues related to conflict of interests. An audit company is prohibited (for one year) to audit a firm that has one of its previous staff members occupying a senior management position. For instance, if a partner from PwC is enlisted by Xena Company as its Chief Financial Officer, PwC is automatically ineligible to be the auditor for Xena for a period of one year. Another salient provision of the Act requires that the audit partner for the accounting company must be alternated after five years. The auditor is also required to report directly to the audit committee of the firm (Jennings, 2012, p.213).
There are additional costs associated with the introduction of the SOX Act. For example, the Corporate Responsibility section of the Act holds audit committees liable for the recruitment, reimbursement and oversight of the public accounting company in charge of auditing and verifying the financial statements of the company. In addition, the Act requires the firm’s CEO and CFO to endorse the financial accounts the firm submits to the SEC as being a true reflection of the financial conditions of the company. There is a bit of a penalty associated with the certification. The new Act requires both the CEOs and CFOs to give up any compensation and bonuses they got on the basis of financial statements that had to be reiterated as a result of inaccurate disclosure. In addition,
The Act empowers SEC to ban directors and officers if they infringe on securities laws or are unfit to serve (Jennings, 2012, p.214).
It deserves merit to note that SOX was enacted following the collapse of Enron. The Act introduced stiff penalties on those officers who engage in unfair stock dealings. Officers who infringe on this Act are subjected to blackout periods (Dworkin, 2007, p.1758). In general, public firms have experienced additional costs after the Sarbanes-Oxley Act  was enacted. According to a study done by Eldridge and Kealey (2005), the $2.3 million increase in the average audit fee between 2003 and 2004 was mainly due to the new SOX audit law (p.2). According to the findings of the research, companies with inefficient internal controls systems incurred elevated SOX audit costs compared to those with efficient internal controls (Eldridge & Kealey, 2005, p.3).
The additional costs associated with the introduction of SOX are easy to discern (Dworkin, 2007, p.1778). Prior to attestation, firms must assess and document their current internal control systems, decide what adjustments are needed to enhance those systems, execute changes and check the efficiency of the adopted internal controls. The costs associated with these tasks include increased external consulting costs, internal staff wages and benefits and new technology (Eldridge & Kealey, 2005, p.5). In a survey carried out by the Financial Executives International (FEI), executives were asked about three categories of SOX compliance cost: cost of internal staffing; auditor attestation costs; and external costs. For the respondents working in companies with revenues exceeding $1billion, the mean total SOX-related costs rose from $3.1 in January of 2004 to $5.1 million in July of the same year. The mean auditor attestation cost increase from $590,000 to $823,000 between January and July of 2004 (Eldridge & Kealey, 2005, p.6). Based on the evidences presented above, the enactment of SOX introduced additional audit costs to publicly listed companies.
There are several governance practices that a publicly listed company must adopt to comply with SOX. For example, section IV of SOX Act deals with financial disclosures of publicly listed firms. Following the Enron scandal, the Congress mandated SEC to address accounting malpractices for off-balance sheet transactions which threatened the financial position of the firm. Ever since SOX was enacted, SEC has significantly altered regulations for off-balance sheet transactions. Public companies are thus required to adopt good governance practice in order to comply with the new SOX requirements. For example, part IV of SOX prohibits companies from granting personal loans to corporate executives. They are also required to shorten the period they take to unveil transactions in the firm’s shares. As of now, executives must disclose this information within two business days of the transaction to comply with SOX regulations (Jennings, 2012, p.214).
What’s more, part IV of SOX requires firms to have a code of ethics for senior financial executives (Dittmar, 2004, p.17). This code should apply to chief accounting officer, comptroller and chief financial officer. Companies must also incorporate internal control report as well as appraisal in their annual reports. A public accounting company that produces the audit report is also required to certify and submit a report on the status of the firm’s internal control. Part IV of SOX also makes it mandatory for each audit committee to have at least one member who is a financial specialist (Jennings, 2012, p.215). The Act requires that: CEOs of each listed company to observe the integrity of financial reporting practices; public companies set up autonomous audit committees of the boards of directors; and companies submit periodic reports to the SEC on an accelerated basis. In essence, the aim of SOX is to convert corporate board members into dynamic managers to monitor ethical malpractices within their respective companies (Rapp, 2007, p.109).
SOX regulations also impacts organization governance, IT administration, the functions of CIOs, business continuity plans as well as outsourcers (Chan, 2004, p.31). In order to comply with SOX, CFOs and CEOs must ask their IT departments to provide them with evidence that computerized parts of financial processes have apt controls. They also need assurance that the computer-generated financial statements are complete and accurate, and any omissions are documented and reported to them in time (Brown & Nasuti, 2005, p.313). Section 404 of SOX and SEC regulations provide guidelines on the manner in which internal audit controls of the companies must be reported at the end of each fiscal year (Pathak, 2003, p.32). For example, the internal audit report must incorporate the following elements:
- A statement by the management highlighting their roles in setting up and sustaining sufficient internal control.
- Management’s appraisal of the value of the firm’s internal control.
- A corroboration report on management’s appraisal of the firm’s internal control over financial report.
- A statement that a registered public audit firm audited the financial statements of the company (Brown & Nasuti, 2005, p.314).
Section 404 of SOX requires the management to reveal any tangible shortfalls in internal control. If such tangible shortfalls are present, management cannot claim that the internal control of the firm over financial report is efficient. In addition, the auditor of the company must corroborate assertions made by management concerning internal controls of the company (Brown & Nasuti, 2005, p.314).
- Brown, W., & Nasuti, F. (2005). What ERP systems can tell us about Sarbanes-Oxley? Information Management & Computer Security, 13(4), 311-327.
- Chan, S. (2004). Sarbanes-Oxley: the IT dimension. The Internal Auditor, 61(1), 31-33.
- Cobb, C.G. (2004). Sarbanes-Oxley: pain or gain? Quality Progress, 37(11), 48-52.
- Dittmar, L. (2004). What will you do in Sarbanes-Oxley’s second year? Financial Executive, 20(8), 17-18.
- Dworkin, T.M. (2007). SOX and Whistleblowing. Michigan Law review, 105, 1757-1780.
- Eldridge, S.W., & Kealey, B.T. (2005). SOX Costs: Auditor Attestation under Section 404. Omaha, NE: University of Nebraska.
- Jennings, M. (Eds.). (2012). Business ethics: case studies and selected readings. Australia: South-Western, Cengage Learning.
- Pathak, J. (2003). Internal audit and e-commerce controls. Internal Auditing, 18(2), 30 34.
- Ramirez, M.K. (2007). Blowing the Whistle on Whistleblower Protection: A Tale of Reform versus Power. University of Cincinnati Law Review, 76, 183- 233.
- Rapp, G.C. (2007). Beyond Protection: Invigorating Incentives for Sarbanes-Oxley Corporate and Securities Fraud Whistleblowers. Boston University Law Review, 87, 91-156.