Introduction
The US Congress passed the Sarbanes-Oxley Act in 2002, also referred to as SOX, as a means of protecting investors from being defrauded by corporations. In particular, the legal framework mainly targeted to introduce reforms that insist on corporations disclosing as well as preventing the chances of accounting fraud. The move followed earlier scandals that had rocked the US and some of its major corporations (Abbott et al., 2003). In October 2001, for instance, one of America’s biggest energy companies, Enron, was declared bankrupt even after details about the company had pointed at a financially healthy institution. This attracted investor to put their funds into a company that was already sinking without their realization. Another of America’s largest conglomerates, Tyco, suffered a setback in 2002 after it was determined that the company’s chief executive officer together with the chief financial officer stole funds from the company to the tune of $150 million.
The scandal entailed the two selling stocks fraudulently and receiving unapproved loans. These crimes took place even as shareholders continued with investing their funds in the firm (Carcello et al., 2002). During the same year, WorldCom, a Telecommunications firm with elaborate business operations and activities, indicated in its financial records that its expenses were actually future investments. The scandal involved $3.8 billion and consequently exaggerated profits for the previous year to the tune of $1.3 billion. As these scandals and many others of their magnitude continued to erode the overall investor confidence, it was important that the American law makers institute legal mechanisms to attempt at curbing the fraud. This paper seeks to discuss the Sarbanes-Oxley Act of 1992 in detail, providing the Act’s history, the impact it created for businesses and individuals, as well as an analysis of the policy to determine its success. Additionally, the paper also offers recommendations regarding future policies of a similar nature.
History of the Act
On April 2002, a bill introduced by Oxley was passed in the House, with its main content and focus being on accountability, responsibility, as well as transparency in terms of stating a company’s financial status. During the same time, however, Senator Paul Sarbanes fronted a different proposal that resembles Oxley’s bill. The Banking Committee of the Senate reviewed the proposal and passed it with overwhelming support (Hennessey & Whitman, 2002).
Because of the similarities in the two proposals by Oxley and Sarbanes, the House saw it fit to reconcile them such that only a single act could be formed. Thus, the move led to the formation of the well known Sarbanes Oxley Act (Geiger, Raghunandan, & Rama, 2005). The underlying reasons for the formation of the Act were to put checks on corporations to avoid a repeat of financial frauds and scandals of the magnitude of Enron or Tyco or WorldCom that had contributed in killing investor confidence throughout the country. The Act has since been very significant in corporate governance, where it mainly controls the overall accounting pattern and financial disclosures in companies.
The law has played a critical role not only in protecting investor confidence in companies, but in the establishment of an accounting oversight board that caters to all public companies as well. Financial disclosures, corporate responsibility, and auditor independence have all been enhanced as a result of the enactment of the Sarbanes-Oxley Act. The rules incorporate compliance deadlines that companies are required to meet, and include companies being expected to meet certifications on financial reporting mandates for all the statements that are filed after November 15th in any given financial year. Additionally, the compliance requires smaller firms together with foreign organizations to fulfill the mandates for the statements filed after July 15th. In the original composition of the Act, this deadline had been set for April 15th before it was eventually amended and moved to 15th July (Gaynor, McDaniel & Neal, 2006).
The Sarbanes-Oxley Act’s organization comprises about 11 titles although only up to six sections are particularly significant with reference to company compliance and control. Section 404, for instance, bases mainly on the financial sector and requires that all corporate bodies enhance strict controls when it comes to financial reporting by the internal accounting personnel. Other company-specific sections in the Act include 302, 401, 409, as well as 802 and 906.
Implementation of the SOX
Management Responsibility
The internal control is virtually implemented by the people. The group with the greatest implementation responsibility in any organization is the board of directors, the management, together with other important people. This group sets the responsibility for designing and maintaining the internal controls to achieve organizational consistency. The action of the top management team, therefore, directly influences the entire organization’s objectives. The previous mismanagement scandals arose from failures on the part of a company’s organization to fulfill their responsibilities. Thus, the management of firms needs to ensure that they prepare and implement valuable codes of conduct, which provide guidelines concerning acceptable business practice as well as the expected standards that touch on morals and overall ethical behavior.
SOX places more responsibilities on management requiring them to assess, conduct tests, and document their evaluation of the internal control mechanism with regards to financial reporting as well as general compliance. As Northrup (2006) further highlights, the external auditors have their responsibility directed towards inspecting the management’s evaluation before arriving at their own conclusion that is independent of the management’s. Both auditors and managers are needed to ensure that they assess the compliance of the organization with regards to whether employees working in the firm understand and implement the code. They are also expected to set the perfect tone to be communicated throughout the firm.
Sarbanes-Oxley Act’s principle objectives are categorized into five groups that include strengthening and restoration of confidence within the accounting profession, strengthening the enforcement of federal securities laws, and improving the “tone at the top” of any corporate organization, where reference here is on the executive responsibility. Additionally, other objectives entail improving disclosure with regards to financial reporting and enhancing gatekeepers’ performance.
This focus mainly involves enhancing the audit process’ integrity in addition to audit reports reliability regarding the issuers’ financial statements. To ensure that this is achieved, the implementation of the Act has put several measures as explained below (Keinath & WaIo, 2004).
Oversight Board
The Public Company Accounting Oversight Board (PCAOB) works together with the US Securities and Exchange Commission to concentrate on accepting registrations of accounting firms, running independent funding mechanism, and developing programs on inspection and disciplinary measures. The PCAOB also writes standards on auditing and attestation, beginning with those related to reports produced by auditors concerning the company and its internal financial reporting control mechanism. The PCAOB members are appointed by the Securities and Exchange Commission, with the Commission also involved in approving rules as well as the professional standards that are applicable
Organizational Tone
This refers to the organizational culture in terms of the actions along with the deeds of employees. The employees’ participation in ensuring internal control is particularly critical because it enhances the effectiveness and overall reliability. Sarbanes-Oxley offers a distinctive chance through which companies can have their control environment or culture in the appropriate direction as required. The organizational tone involves integrity plus ethical values. The tone addresses aspects regarding to how the organization establishes values, as well as the reward achievement.
Northrup (2006) indicates that the placing of unreasonable pressures and demands ends up affecting the employees because it pollutes the activity results. The organizational tone, therefore, comprises of ingredients that allow companies to develop a perfect a control environment with effective combat fraudulent practices. The management has a primary objective of effecting internal controls to effectively explain the motivation to self-assessment of the system. The integrity of the management is needed to ensure only qualified individuals are hired and trained in readiness to execute the expected corporate obligations.
Documentation of Control Activity
Anand (2007) highlights the SOX requirement of documenting activities and processes aimed at ensuring that the control targets are attained. The documentation of relevant control activities helps the company to establish its record to help effect Section 404 of the Act. In particular, this section demands for the proper documentation and reporting of the control mechanism settled upon and the testing mechanism. The chief executive officer together with chief financial officer confirms the effectiveness of the controls during the documentation of control activities.
Evaluation of the Control Design
Anand (2007) notes that this implementation step calls on the corporations to evaluate their existing control design with a view of ensuring that the identified risk prevention objectives in the previous stages are met. Any inherent problems are likely to be noted and sorted out in advance following the early evaluation of mechanisms for control. The evaluation entails determining the exact or specific control required, where the risk being safeguarded is identified.
Individuals expected to execute the control activity are also identified to enable the organization to achieve clarity. It is a crucial move, especially in the event of discrepancies, because it will make it easier to follow through the control, related activities, as well as company members responsible for specific actions. Evaluation of the control design also involves determining the actual manner in which the control is performed. Section 404, for instance, requires that disclosure is made about the controls, and that either the chief executive officer or the chief financial officer certifies it. Determining the control performance also helps in ensuring that a clear record detailing on the processes along with the steps is maintained, such that during instances where reevaluation is necessary, it may be easier to continue with the repair activities.
The reports and information used in control performance are also needed to be properly documented. This touches on the relevant data and other documentation required to be identified as well as the system for storage and other needs considered relevant, such as destruction. Evaluating control design further requires the determination of the frequency with which the control operates. The ability to prevent or protect during risk occurrences depends heavily on the evaluation of the control design. Finally, the documented control action has to be evaluated in terms of whether it is effective in meeting the control objective assertions. The basis of a control mechanism should be to perform its role of cushioning against risk, and thus an evaluation of this aspect helps in determining its effectiveness.
SOX Code of Ethics
The requirements of the SOX are such that all public companies need to disclose their positions regarding the adoption of a code of ethics for four of their significant office bearers. These include, “the principal executive officer, the principal financial officer, as well as the principal accounting officer and other persons in the organization that could be performing similar functions” (US Securities and Exchange Commission, 2013, para. 3). In actual terms, SOX does not force companies to espouse a code of ethics. Failure to have a working code of ethics puts the firm under legal obligation to explain the failure. On the other hand, companies having codes of ethics that are short of meeting the threshold according to the rule need to explain the reason as to why that is the case.
Disclosure of the code of ethics
Companies with codes of ethics are required to present the same to the public in a particular manner or way. These include filing the copy depicting the code of ethics to act as an exhibit to the Form 10-KSB or Form 10-K that are prepared annually. Foreign private issuers, however, are expected to file copies together with the Form 20-F.
Alternatively, corporate bodies can post and maintain their code of ethics and other relevant portions on their own websites. In choosing this strategy, the firms must disclose their website address, as well as deliberate on the intention to provide the disclosure in a similar manner throughout in its yearly reports (US Securities and Exchange Commission, 2013).
The third way of disclosing the code of ethics entails a company undertaking in its yearly report to offer a relevant copy of its respective code of ethics without charge. The copy is provided to any individual who requests for the same.
Disclosure of changes
Companies are allowed to make amends on their code of ethics, or waive compliance with respect to the code of ethics especially where circumstances warrant such waivers. According to US Securities and Exchange Commission (2013), the waiver in this sense may mean the failure of the company to act within a significant period with regard to breach material provision contained in the code of ethics, with at least an executive officer of the company having knowledge of the same.
It is a requirement to have the company publicly present the changes immediately they are done. Form 8-K is the traditional platform, but the firm’s website is also an optional platform to disclose the waivers. In choosing the company website, the firm ought to have disclosed such intentions in a prior date using the same medium, that is, its website (United States Securities and Exchange Commission, 2009). Disclosure may also be necessary under the stock exchange rules and in compliance with provisions of the anti fraud, which are contained in the Exchange Act Rule 10b-5. A timeframe of 5 working days after the waiver is given to companies that would like to give information on Form 8-K about “waivers and amendments”.
Disclosure of the amendments and/or changes posted on the website must remain available to the public for a period of not less than 12 months. Additionally, the information needs to be retained for a period not less than five years following the move, while availing the same information to the Securities Exchange Commission any time it is requested.
Requirements of the stock exchange
As per the proposals of the New York Stock Exchange, under Rule 303A(10), NYSE-listed corporations would be called upon to adopt a specific code of conduct for the general business operations and the ethics to be observed by the directors, employees, and the rest of the company’s officers at large. As Bhamornsiri, Guinn & Schroeder (2009) highlight, the specific codes of conduct and ethics to be adopted by all listed companies specifically centered on conflicts of interest, confidentiality, and the corporate opportunities. Moreover, the codes also focused on fair dealing, compliance with respect to the law, regulations, and law that also touch on insider trading activity. The other area of focus identified includes encouraging illegal and unethical behavior to be reported.
American Stock Exchange
On the other hand, the American Stock Exchange proposed amendments on its Section 807, requiring that AMEX-listed corporations adopt a specific code of conducts to be applicable mainly to the directors and other officers in the organization, in addition to the employees (Bhamornsiri, Guinn & Schroeder, 2009). These codes of conduct, nevertheless, have to fulfill Securities and Exchange Commission’s definition pertaining to a code of ethics. In a similar move proposed by the NYSE, AMEX-listed corporations would be called upon to create their own codes (United States Securities and Exchange Commission, 2009).
Nasdaq Stock Market
Every company on Nasdaq market was supposed to come up with a given code of conduct to be followed by every employee of the firm, including the directors of firm. This was stipulated in “Nasdaq Rule 4350(m)”. It was also suggested that all waivers that touch on the code of conduct should be passed prior to public disclosure. This needs to take place before the next periodic report of the company.
Impact on Business and Society
Business
Costs of Operation
Public companies are incurring additional costs as a result of implementing SOX. Because of the annual audits that are conducted by external bodies, companies are paying to accommodate them. The internal audits have also been increased in compliance with the regulation, meaning that the firms are involved directly in footing the resultant costs. With the broadening of the audit’s scope, following the amendments that introduced Section 404, corporate bodies are required to pay more to fulfill and achieve their targeted objectives (Jain & Rezaee, 2006).
The internal control mechanisms required of all companies to achieve desirable outcomes have equally been crucial in increasing operational costs incurred by firms (Li, Pincus, & Rego, 2008). For instance, companies may need to acquire or develop their own software for internal control. They may equally need to create an elaborate control plan within the organization that helps managers and the rest of the organizational players to track down and make reviews of the internal performance. In instances where the firms fail to adhere to these guidelines and requirements, they may end up paying large amounts of money in the form of penalties.
Value and Benefits
SOX is responsible for enhancing general organizational value and benefits. Part of the mandatory requirements that firms have to observe in implementing the Act entails instituting highly elaborate control measures to curb against any potential incidences of financial fraud (Zhang, 2007). Internal audits have been perfected in a way that even when the external audits are conducted to ascertain the firm’s results, little or no discrepancies are determined. As firms work towards adopting the most accurate internal audit measures and activities, they end up streamlining their activities. A significant number of organizations, especially large organizations that have complied with the SOX requirements for more than four years, are working towards leveraging their compliance efforts (Zhang, 2007). This is in a bid to enhance continuous business improvement to affect the financial reporting positively.
Additionally, many other established companies are in the final stages towards improving their SOX compliance process. This definitely points at increased maturity on the part of the firms with regard to their respective control structure, as well as the compliance process. In essence, these investments towards effectively fulfilling the requirements of SOX are in turn improving the values and benefits that the organizations record in the long run (Zhang, 2007).
Society
Restoration of Investor Confidence
There is no doubt that SOX has helped a great deal in restoring investor confidence that had waned considerably prior to the rules’ formulation. Incidences of rogue managers and chief executive officers defrauding the public of large amounts of money without anybody suspecting have now been tamed. The bringing to control of such incidences can be equated to regaining of confidence on the part of the investors (Leuz, Triantis & Wang, 2004). Although investors may not necessarily ascertain the effectiveness of the internal control mechanisms employed in firms, they most obviously feel the impact of the elaborate control measures.
This is good in the restoration of confidence among the investors because before firms post their final financial results, the same is scrutinized by other external bodies. The control measures fronted by the stock exchange further reaffirms to the investor community that indeed the results posted are a true reflection of a given company’s position (Leuz, Triantis & Wang, 2004).
Policy Analysis
Strengths
SOX is responsible for enhancing more transparent as well as highly reliable reporting of financial activities by firms (Sentt & Gallegos, 2009). This has been necessitated by the thorough auditing controls that firms have taken to aid in their operations. It has particularly seen potential risks that shareholders faced when such mechanisms were not mandatory decline. With renewed investor confidence, the economy is assured of effective growth and prosperity (Sentt & Gallegos, 2009).
It is advantageous, for the workers and the firm, to have detailed documentation. The meeting of the SOX requirements is playing a crucial role in enabling the workers to understand about important business processes (Welytok, 2006). The control mechanisms are sealing all loopholes that rogue managers used in the past to swindle and defraud their companies of large sums of money. Today, however, such loopholes have been sealed and thus companies are no longer facing high risk of being defrauded by such dishonest managers (Welytok, 2006). They can continue with their business operations for long and thus benefit their shareholders and employees.
Weaknesses
Implementing SOX is an expensive venture that is subjecting companies into high running costs. The auditing procedures and processes that have to be conducted annually are expensive and eat up quite significant portions of an organization’s revenues. Additionally, companies have been forced to change their traditional processing activities and instead adopt new practices (Pathak, 2005). This changing is expensive for the companies because it entails acquiring and adopting new techniques and probably personnel, which proves to be demanding especially in terms of the funds needed to sustain them.
Companies are forced to use a lot of manpower trying to implement SOX requirements fully. As Jahmani and Dowling (2008) assert, smaller organizations with relatively smaller capacities may not afford to outsource such services, and thus may only depend on their employees to conduct the needed control activities. In doing so, the employees end up devoting limited time in pursuing their professional mandates, and thus deprive the firm of projected operational objectives.
Recommendation for Future Policy Makers
Policies and laws similar to SOX are often adopted for the purpose of benefitting the society at large, while aiming at curbing unprofessional conducts and practices. It is therefore important that future policy makers consider integrating contributions and overall participation of all the stakeholders. This will help in ironing out difficult issues and challenges that may end up eroding its effectiveness. In the case of SOX, for instance, there is little evidence to indicate that Congress worked closely with organizations and managers. The end result of the policy has been a highly costly operation for all firms, and especially the small, less established firms with little revenue amounts. The potential of such companies competing effectively in their respective industries is smaller as they may not acquire adequate funds to sponsor their activities.
Policy makers must also be keen in the future in considering the amount of regulations that they adopt and enforce. Too much regulation ends up making it complex for the players to comprehend and adopt them fully as is required by the law. In the case of SOX, while the underlying complex legal framework is helping to curb cases of managerial fraud and hence improving on investor confidence, it also affects investors in other ways. People willing to start new companies in the US may get discouraged by this complex law, and opt to invest outside the country. If such an incident occurs, it could be assumed that SOX has contributed towards discouraging the same investors that it purports to protect.
Future policies of similar nature need minimize the level of responsibilities that are bestowed on a particular kind of player. Instead, responsibilities need to be spread all across the board to make implementation an easy task. SOX mainly bestow greater responsibilities of the managers, with other federal agencies that need to take much greater responsibility only assuming supervisory roles. This in a way affects the effectiveness of the managers to achieve their obligatory roles. Because of the extensive nature of the law, the policy makers should have probably required organizations to implement 50 percent of the requirements, with the remaining 50 percent being shared out among other significant shareholders, including players in the stock market.
Conclusion
The Sarbanes-Oxley Act of 2002 is a fundamental legal framework that has particularly remained critical in enhancing investor confidence in the USA. The proposals that constitute the act were fronted separately by two Congress politicians Sarbanes and Oxley, hence the Sarbanes-Oxley identity. The Act was introduced and enacted at a time when fraudulent behaviors of mainly top ranking corporate managers had resulted in a series of bankruptcies and collapse of major companies. Enron, one of the most promising energy companies, collapsed during this period following the management’s false indication that the company was making huge profits. Tyco, another major corporate in the US was hit by fraudulent deals pitting mainly the company’s chief executive officer and the chief finance officer. The two officials siphoned large amounts of money in loans, and also engaged in secret trading of stocks. These unfortunate incidents occurred with a lot of ease as there were no significant means of control to ward off the negative practice in advance.
Thus, this trend was gradually eroding investor confidence as the affected firms failed to repay their shareholders, while employees lost their sources of livelihood. Following the successful ratification of the bill into an Act of law, all firms are required to adhere to strict internal control mechanisms, especially with regards to their financial reporting. The Exchange Securities Commission has established an elaborate of code of ethics that mainly guide the actions of corporate managers and directors. The Act has equally been successful in various aspects, particularly in streamlining the actions and activities of the organizations. Extensive internal and external auditing activities have seen firms file the true financial records that depict their rightful positions on an annual basis. This has increased investor confidence as many people are assured of the safety of their funds. Several oversight activities and bodies have also played a major role in ensuring that the internal actions of managers do not result in providing erroneous financial information.
References
Abbott, L. J., Parker, S., Peters, G. F., & Raghunandan, K. (2003). The association between audit committee characteristics and audit fees. Auditing: A Journal of Practice & Theory, 22(2): 17-32.
Anand, S. (2007). Essentials of Sarbanes-Oxley. Hoboken, NJ: John Wiley. J. Ross Publishing.
Bhamornsiri, S., Guinn, R., & Schroeder, R. G. (2009). International implications of the cost of compliance with the external audit requirements of section 404 of Sarbanes-Oxley. International Advances in Economic Research, 15(1), 17-29.
Carcello, J. V., Hermanson, D. R., Neal, T. L., & Riley, R. A. Jr. (2002). Board characteristics and audit fees. Contemporary Accounting Research, 19(3), 365-384.
Gaynor, L. M., L, S. McDaniel, & T. L. Neal. (2006). The effects of joint provision and disclosure of nonaudit services on audit committee members’ decisions and investors’ preferences. The Accounting Review, 81, 873-896.
Geiger, M. A., K., Raghunandan, K & Rama, D. V. (2005). Recent changes in the association between bankruptcies and prior audit opinions. Auditing: A Journal of Practice & Theory, 24(1): 21-35.
Hennessey, R., & Whitman J. (2002). After Enron, companies confront dearth of willing board members. Wall Street Journal, : B9G.
Jahmani, Y. & Dowling, W. (2008). The impact of Sarbanes-Oxley Act. Cluteinstitute-Onlinejournal [online] 6(10), 57-66. Web.
Jain, P. K., & Rezaee, Z. (2006). The Sarbanes-Oxley Act of 2002 and security market behavior: early evidence. Contemporary Accounting Research, 23(3), 629-654.
Keinath, A. K., & WaIo, J. C. (2004). Audit committee responsibilities. CPA Journal 74(11), 22-28.
Leuz, C, A. Triantis, & T. Wang, T. (2004). Why do firms go dark? Causes and economic consequences of voluntary SEC deregistrations. Working Paper, Social Science Research Network: 1-33.
Li, H., Pincus, M., & Rego, S. (2008). Market reaction to events surrounding the Sarbanes-Oxley Act of 2002 and earnings management. Journal of Law and Economics, 51(1), 111-134.
Northrup, C. L. (2006). Profitable Sarbanes-Oxley compliance: attain improved shareholder value and bottom-line results. Fort Lauderdale, FL: J. Ross Publishing, Inc.
Pathak, J. (2005). Information technology auditing – an evolving agenda. New York, NY: Springer.
Rashkover, B. W., & Winter, C. B. (2005). The impact of Sarbanes-Oxley on SEC enforcement in public company disclosure cases – part I. International Journal of Disclosure and Governance, 2(4), 312-324.
Sentt, S. & Gallegos, F. (2009). Information technology control and audit (3dn). Boca Raton, FL: Taylor & Francis.
United States Securities and Exchange Commission (2009). Study of the Sarbanes-Oxley Act of 2002 Section 404 internal control over financial reporting requirements. Web.
US Securities and Exchange Commission (2013). The laws that govern the securities industry. Web.
Welytok, G. (2006). Sarbanes-Oxley for dummies. Hoboken, NJ: Wiley Publishing, Inc.
Zhang, I. (2007). Economic consequences of the Sarbanes-Oxley Act of 2002. Journal of Accounting and Economics, 44(1), 74-115.