Register now or log in to join your professional community.
Ten years ago, the US capital markets were roiled by revelations of financial wrongdoing at numerous major companies. The damage to investors, pensioners, communities and markets was historic. Corporate executives were jailed. One of the nation’s largest companies and one of the largest audit firms went out of business. After hundreds of corporate earnings restatements, confidence in financial markets was shaken to the core. To restore public confidence in the reliability of financial reporting, the US Senate and House of Representatives passed the Sarbanes-Oxley Act of2002, by votes of99-0 and423-3, respectively, sending it to President George W. Bush, who signed the reform measure into law on July30,2002. Since its enactment, the Sarbanes-Oxley Act, or SOX as it is often called, has been both heralded and maligned. SOX was designed to enhance the reliability of financial reporting and to improve audit quality. SOX forged a new era for the US audit profession by ending over100 years of self-regulation and establishing independent oversight of public company audits by the Public Company Accounting Oversight Board (PCAOB). SOX strengthened corporate governance, shifting responsibility for the external auditor relationship away from corporate management to independent audit committees. It instituted whistleblower programs, CEO and CFO certification requirements and stricter criminal penalties for wrongdoing, including lying to the auditor. These measures and others were geared toward improving the reliability of corporate financial reporting. Over the last10 years, key elements of the Act have been replicated around the world, perhaps the purest form of flattery. Today, on the heels of the global financial crisis, many jurisdictions are looking anew at policy improvements similar to those instituted by SOX.
Absolutely agree. The corporate governance framework introduced by SOX has lead to development of audit commitee and NEDs roles. Eariler the Stakeholders can only relly on auditors but the problem of indenpense of auditors was always at the question but the SOX and other corporate governance framework has greatly streanthen this assurance.
It does not necessarily strengthen the quality. Actually it just shifted the scope of internal audit activities away from quality to demonstrating the necessary minimum of controls to the regulators. The reality is that the scope of internal control reviews should be aimed at protecting the organization's objectives for optimal performance. Every organization has different goals and circumstances.
SOX introduced a minimum set of controls that SEC decided should have given enough assurance for the shareholders. The pressure was very high on all listed companies to comply. Currently most of the companies established the SOX assurance process, however it still distracts resources and time on risks that are not necessarily of the benefit to the company. In many cases, SOX duplicates the external audit's assurance and costs a lot of money.
As a result, large organizations often have to maintain two parallel functions: Internal Audit and SOX Compliance.
In an ideal situation, especially in a financial institution, the business, financial and IT controls match the SOX controls so validating business controls covers SOX controls as well.
Definitely agreed.
Agreed.