The Sarbanes Oxley Act - Case Study Example

SARBANES OXLEY ACT Executive Summary This paper discusses one of the most important contemporary issues in accounting and controls field – the Sarbanes Oxley Act (SOX). The background information identifying needs and requirements for a comprehensive accounting and auditing framework have been discussed; which is then followed by the salient features of the act itself. Practical limitations of the act have been presented, which are then concluded by a brief discussion about the standards and guidelines that are being used by companies to comply with the requirements of the Act. 2. Introduction Accounting is a key area in every organization’s business. Correct recording and representation of material financial and operational facts about a company is critical for stakeholders to measure their interests into the company. Several industry standards are available for correct recording, calculation, and representation of this information. In addition, almost every country makes or adopts an accounting and internal control system which is mandatory for all the companies to follow. As time passes by, needs and requirements of new and comprehensive systems emerge that necessitates changes in the way traditional accounting and control systems operate. 3. Background The corporate world in United States took severe setbacks when scandals were surfaced about many large and multinational organizations in late 20th century. The companies like Enron, Tyco, and WorldCom were all victims of incorrect, ambiguous, unethical and inappropriate practices which remained hidden for a long period before they were finally identified and brought to the attention of the world. This sequence of events negatively affected shareholders’ and general public’s trust over the reliability and accuracy of financial information as published by companies. A general feeling was that of distrust, disbelieve, doubt and annoyance with the audit and internal controls systems of organizations. This state of affairs triggered a requirement for a regulation that could establish legal requirements for companies to ensure that their systems are controlled and the information they publish conform to the actual status, and is not altered, modified or changed with an intention to deceive anyone. The Sarbanes Oxley Act The Sarbanes Oxley Act (also known as known as the Public Company Accounting Reform and Investor Protection Act of 2002 and commonly called SOX or Sarbox (Wikipedia.org 2007), was implemented in 2002 to regain public’s trust in the accounting and reporting practices of companies in US, to reinforce investment confidence and protect investors by improving the accuracy and reliability of corporate information with regard to finance, operations and information systems. All public U.S. and international companies that have registered equity or debt securities with the Securities and Exchange Commission need to comply with Sarbanes Oxley act. The section 302 of the act requires CEOs and CFOs to personally certify quarterly and annual financial statements. The first instance of sentencing a CEO for failure to comply with the act occurred in 2003. SOX violations can bring fines up to $5 million or 20 years in prison (IBM 2004). 5. Key Sections of the Act The act is divided into multiple sections; eleven in all. A brief description of the sub-sections of the act is provided below: 5.1. Establishment of Public Company Accounting Oversight Board (PCAOB) A Public Company Accounting Oversight Board (PCAOB) was established as a result of the passage of the act, to ensure that interests of the investors in public companies are secured, and the audit reports are developed and represent true and fair opinion on the affairs of the company (FindLaw.com 2002). The key functions and duties of PCAOB as documented in the law are as follow: Register public accounting firms Establish or adopt auditing, quality control, ethics, independence, and other standards Conduct inspection of public companies 5.2. Auditor Independence The ‘independence’ of the auditor is critical for performing any audit related activity for any client. ISACA (Information Systems Audit and Controls Association) (2004) requires auditors to be independent of auditee in both attitude and appearance (professional independence) and the entire audit function to be independent of the area or activity being reviewed to permit objective completion of the audit assignment. The SOX act requires the auditors to be independent. The law states that auditors should not have any operational and/or decision making role for the activity which they are auditing. 5.3. Corporate Responsibility The act requires public companies to certify in their financial reports that a senior manager has reviewed the report and that the report does not have material misstatements. As per section 302 of the act, the senior management is responsible to develop and implement system of internal controls, and compliance systems. The financial report should consist of reviewers’ comments that they have evaluated the internal controls systems at the company which were found to be satisfactory and no material risks are left unnoticed. The act requires that the corporate financial statements should have following certifications: The signing officers have reviewed the report The report does not contain material misstatement or material omission or is misleading The financial statements and information fairly represent the factual position and health of the company The signing officers are responsible for internal controls and have reviewed internal controls in previous 90 days Significant changes to internal control environment The report should have a list of all deficiencies in the internal controls and information on any fraud involving employees 5.4. Enhanced Financial Disclosure In order to prevent against the risks arising our of non-disclosure and/ or limited disclosure of information by companies like Tyco and Enron, SOX requires the companies to strictly follow Generally Accepted Accounting Principles (GAAP), and adequately disclose off balance sheet and hidden information of material value that can affect shareholders’ money and investment decisions. As per section 402, the directors of the company can not be provided personal loan. The section 404 requires a management assessment of internal controls, evaluation and reporting of internal control systems to top management, and to the shareholders through financial reports of the company. Section 406 describes the need of code of ethics for senior financial officers. 5.5. Analyst Conflicts of Interest This section deals with investment companies and brokers. It requires that the security analysts should not have personal interests in the securities for which he/she is responsible. This is required to prevent security analyst in misleading the investor to make investments in securities that add to analysts’ personal gains. 5.6. Commission Resources and Authority This section has amended section 35 of Securities Exchange Act of 1934. It details the requirements, responsibilities, and authority of the commission, court, and the brokers. It identifies the bars and penalties that can be imposed by respective authorities. 5.7. Studies and Reports Section 7 requires development of various studies and reports for disclosure purposes. This includes reports regarding credit rating agencies, reports on violations and violators, study on enforcement actions, and others. The purpose is to spread information so that general public is kept aware about the affairs of the company. 5.8. Corporate and Criminal Fraud Accountability As per the statement of the act, ‘whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.’ This shows that severe penalties have been enforced on the person or entity that knowingly carries out activities that adversely impact the interests of public in companies. 5.9. White Collar Crime Penalty Enhancements As the name suggests, this section has enhanced the penalties for white collar crimes. These include activities like mail and wire frauds, violation of employee retirement income security act of 1974, and failure to certify corporate reports by senior management of the company. 5.10. Corporate Tax Returns As per the act, ‘Federal income tax return of a corporation should be signed by the chief executive officer of such corporation’. Hence, it is mandated by the act that chief executive officer of the company should own the financial reports of the company and will be held responsible for any material misstatements. 5.11. Corporate Fraud Accountability The act has called for further controls to prevent tempering with records and/ or otherwise impeding an official proceeding; treating it as an illegal activity. The penalties and sentences have been revised to discourage occurrences of such activities. 6. SOX and Accounting The introduction and enactment of SOX act has brought about a revolution in accounting and auditing processes around the globe. The accountants are now have to be ever more careful with their record keeping, auditors have to be vigilant in carrying out there duties and top management must ensure an optimally controlled environment which limits the chances of an accounting or financial misappropriation. In addition, the demand for SOX consultants has increased tremendously. This has caused the market to shift focus to SOX based consulting work. This is one of the reasons as to why the companies find it costly and difficult to get their systems in compliance with the requirements of Sarbanes Oxley act. Several accounting, audit and consulting firms operate in market claiming to have solutions for organizations’ problems in implementing internal controls to comply with the requirements of the act. 7. Conclusion The Sarbanes Oxley act provided a strong message from regulatory bodies to organizations around the country that the events like Tyco and others will not be allowed to be repeated again. The SOX act has established a set of comprehensive legal requirements to ensure that financial statements present true picture of the organizations’ activities and performance. This allows the shareholders and other public to become aware of the accurate and correct status about the performance of various companies in order to make informed decision about their existing and/ or potential new investments into a company. WORKS CITED ISACA Information Systems Audit and Control Association. CISA Review Manual. 2004. “Sarbanes Oxley Act.” Wikipedia: The Free Encyclopedia. May 1, 2007. May 12, 2007 . “One Hundred Seventh Congress of the United States of America.” FindLaw.com. January 23, 2002. May 11, 2007 http://fl1.findlaw.com/news.findlaw.com/hdocs/docs/gwbush/sarbanesoxley072302.pdf>. Read More