Sarbanes-Oxley: What is it and how does it affect you?
On 30 July, 2002, the US Congress passed, and the President signed into law, a new securities legislation titled Public Company Accounting Reform and Investor Protection Act of 2002, better known as the Sarbanes-Oxley Act (also known as SOX).
The act is named after its primary creators, Senator Paul Sarbanes and Representative Michael Oxley, and followed a series of high-profile corporate scandals, including Enron and WorldCom.
It is principally intended, in the words of President George W. Bush, to “deter and punish corporate and accounting fraud and corruption, ensure justice for wrongdoers, and protect the interests of workers and shareholders.”
Most significant
The act itself is organised into 11 titles or subjects, although sections 302, 401, 404, 409, 802 and 906 are the most significant with respect to compliance (Sarbanes Oxley section 404 is the most common area of concern) and internal control.
In addition, the act also created the Public Company Accounting Oversight Board, which oversees the auditors of public companies in order to protect the interests of investors and further the public interest in the preparation of informative, fair, and independent audit reports.
Section 404 of the act requires each annual report of a public company to include a report by management on the company’s internal control of financial reporting. This report should contain:
A statement of management’s responsibility for establishing and maintaining adequate internal control over financial reporting for the company;
A statement identifying the framework used by management to evaluate the effectiveness of internal controls;
Management’s assessment of the effectiveness of internal controls as of the end of the company’s most recent fiscal year;
Disclosure of material weaknesses in internal controls (a material weakness is a significant deficiency or combination of significant deficiencies that result in more than a remote likelihood that a material misstatement will not be prevented or detected.); and
A statement that the company’s auditor has issued an attestation report on management’s assessment.
SOX 404 also requires the company’s auditor to attest to, and report on, management’s assessment of the effectiveness of the company’s internal control of financial reporting.
How are we impacted locally?
All companies registered with the SEC, including foreign registrants with a US listing, are subject to SOX compliance.
The advantage for foreign registrants is that they have a later deadline for compliance (July 2006 rather than 2005).
Additionally, other jurisdictions are also enforcing corporate governance requirements; for instance Canada has a similar programme called CEO/CFO Certification and Europe is also considering a similar type of regulation.
Relatively few Cayman-based companies will be directly affected by SOX; these companies are required to comply either by partaking in a SOX review or by providing third-party reporting i.e. FRAG 21, Section 5900, SAS70 etc.
However, those not directly affected should not turn a blind eye to such legislation, as in the light of recent corporate scandals both businesses and their clients are increasing their awareness of the need for strong internal control and risk management.
Benefits of internal control reviews, whether SOX-related reviews or other reviews (i.e. internal audit reviews, third-party reviews etc.), include:
Increased efficiency and effectiveness of operations;
Improvements in the accuracy and reliability of financial reporting;
Provides greater comfort over the organisations control environment; and
Strengthened client and investor views of the company.
All executives should be conscious of the importance of managing risk and internal controls, including documentation, review and testing of internal controls, whether directly affected by SOX or simply to gain comfort and demonstrate sound internal control.
Related Videos
