Beruflich Dokumente
Kultur Dokumente
Introduction
The SarbanesOxley Act of 2002, also known as the 'Public Company Accounting
Reform and Investor Protection Act' and 'Corporate and Auditing Accountability and
Responsibility Act' and commonly called SarbanesOxley, Sarbon or SOX.
It is a United States federal law enacted on July 30, 2002. It is named after sponsors U.S.
Senator Paul Sarbanes and U.S. Representative Michael G. Oxley. The bill was enacted
as a reaction to a number of major corporate and accounting scandals including those
affecting Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These
scandals, which cost investors billions of dollars when the share prices of affected
companies collapsed, shook public confidence in the nation's securities markets. The act
is regarded as the most sweeping securities legislation since the securities and exchange
act of 1934.
The legislation set new or enhanced standards for all U.S. public company boards,
management and public accounting firms. It does not apply to privately held companies.
The act contains 11 titles, or sections, ranging from additional corporate board
responsibilities to criminal penalties, and requires the Securities and Exchange
Commission (SEC) to implement rulings on requirements to comply with the new law.
Harvey Pitt, the 26th chairman of the Securities and Exchange Commission (SEC), led
the SEC in the adoption of dozens of rules to implement the SarbanesOxley Act. It
created a new, quasi-public agency, the Public Company Accounting Oversight Board, or
PCAOB, charged with overseeing, regulating, inspecting and disciplining accounting
firms in their roles as auditors of public companies. The act also covers issues such as
auditor independence, corporate governance, internal control assessment, and enhanced
financial disclosure.
The Senate Banking Committee undertook a series of hearings on the problems in the
markets that had led to a loss of hundreds and hundreds of billions, indeed trillions of
dollars in market value. The hearings set out to lay the foundation for legislation. We
scheduled 10 hearings over a six-week period, during which we brought in some of the
best people in the country to testify...The hearings produced remarkable consensus on the
nature of the problems: inadequate oversight of accountants, lack of auditor
independence, weak corporate governance procedures, stock analysts' conflict of
interests, inadequate disclosure provisions, and grossly inadequate funding of the
Securities and Exchange Commission.
Auditor conflicts of interest: Prior to SOX, auditing firms, the primary financial
"watchdogs" for investors, were self-regulated. They also performed significant
2
non-audit or consulting work for the companies they audited. Many of these
consulting agreements were far more lucrative than the auditing engagement. This
presented at least the appearance of a conflict of interest. For example,
challenging the company's accounting approach might damage a client
relationship, conceivably placing a significant consulting arrangement at risk,
damaging the auditing firm's bottom line.
Inadequate funding of the SEC: The SEC budget has steadily increased to
nearly double the pre-SOX level. In the interview cited above, Sarbanes indicated
that enforcement and rule-making are more effective post-SOX.
CHAPTER- 02
for compliance audits, inspecting and policing conduct and quality control, and
enforcing compliance with the specific mandates of SOX.
2. Auditor Independence
Title II consists of nine sections and establishes standards for external auditor
independence, to limit conflicts of interest. It also addresses new auditor approval
requirements, audit partner rotation, and auditor reporting requirements. It
restricts auditing companies from providing non-audit services (e.g., consulting)
for the same clients.
3. Corporate Responsibility
Title III consists of eight sections and mandates that senior executives take
individual responsibility for the accuracy and completeness of corporate financial
reports. It defines the interaction of external auditors and corporate audit
committees, and specifies the responsibility of corporate officers for the accuracy
and validity of corporate financial reports. It enumerates specific limits on the
behaviors of corporate officers and describes specific forfeitures of benefits and
civil penalties for non-compliance.
4. Enhanced Financial Disclosures
Title IV consists of nine sections. It describes enhanced reporting requirements
for financial transactions, including off-balance-sheet transactions, pro-forma
figures and stock transactions of corporate officers. It requires internal controls
for assuring the accuracy of financial reports and disclosures, and mandates both
audits and reports on those controls. It also requires timely reporting of material
changes in financial condition and specific enhanced reviews by the SEC or its
agents of corporate reports.
5. Analyst Conflicts of Interest
Title V consists of only one section, which includes measures designed to help
restore investor confidence in the reporting of securities analysts. It defines the
codes of conduct for securities analysts and requires disclosure of knowable
conflicts of interest.
6. Commission Resources and Authority
Title VI consists of four sections and defines practices to restore investor
confidence in securities analysts. It also defines the SECs authority to censure or
bar securities professionals from practice and defines conditions under which a
person can be barred from practicing as a broker, advisor, or dealer.
7. Studies and Reports
Title VII consists of five sections and requires the Comptroller General and the
SEC to perform various studies and report their findings. Studies and reports
include the effects of consolidation of public accounting firms, the role of credit
rating agencies in the operation of securities markets, securities violations and
enforcement actions, and whether investment banks assisted Enron, Global
Crossing and others to manipulate earnings and obfuscate true financial
conditions.
8. Corporate and Criminal Fraud Accountability
Title VIII consists of seven sections and is also referred to as the Corporate and
Criminal Fraud Act of 2002. It describes specific criminal penalties for
manipulation, destruction or alteration of financial records or other interference
with investigations, while providing certain protections for whistle-blowers.
Title IX consists of six sections. This section is also called the White Collar
Crime Penalty Enhancement Act of 2002. This section increases the criminal
penalties associated with white-collar crimes and conspiracies. It recommends
stronger sentencing guidelines and specifically adds failure to certify corporate
financial reports as a criminal offense.
10. Corporate Tax Returns
Title X consists of one section. Section 1001 states that the Chief Executive
Officer should sign the company tax return.
11. Corporate Fraud Accountability
Title XI consists of seven sections. Section 1101 recommends a name for this title
as Corporate Fraud Accountability Act of 2002. It identifies corporate fraud
and records tampering as criminal offenses and joins those offenses to specific
penalties. It also revises sentencing guidelines and strengthens their penalties.
This enables the SEC the resort to temporarily freeze transactions or payments
that have been deemed "large" or "unusual".
CEOs and CFOs are held responsible for their companies financial reports
Executive officers and directors may not solicit or accept loans from their
companies
Mandatory internal audits and review and certification of those audits by outside
auditors
Longer jail sentences and larger fines for executives who intentionally misstate
financial statements
Publicly traded companies must establish internal financial controls and have
those controls audited annually
This last provision is of concern primarily for large companies, and is commonly referred
to as SOX 404 compliance. It requires publicly traded companies to institute
comprehensive internal controls on their finances, as well as have their policies regularly
reviewed by outside firms. While this might not affect your small business, it is having a
significant impact on big ones: Companies with revenues of more than $5 billion are
spending an average of $4.3 million just to achieve SOX 404 compliance!
CHAPTER- 03
fraudulent behavior, it has made certain accidental burdens on smaller businesses, making
it difficult for them to grow and flourish. Compliance with this act is not a heavy task.
CHAPTER- 04
10
improve growth. Thus, at least theoretically, SOX could provide a win-win situation for
both companies and investors.
Although many agreed that the changes to the corporate governance system in the U.S.
were necessary, some now believe that SOX has imposed an unnecessary burden on
companies because of its high compliance costs. A challenging issue is Section 404 of
SOX, Management Assessment of Internal Controls, which requires publicly held firms
to identify financial reporting risks, establish related controls, assess their effectiveness,
fix any material control deficiencies, and then re-test and re-document all of the above. A
March 2005 survey by Financial Executives International shows that the first year
compliance costs on Section 404 of SOX alone averaged $4.36 million per company, and
large companies with more than $5 billion in revenues spent more than $10 million per
company.
Critics argue that for many firms, the costs of complying with SOX outweigh the
benefits. For example, these costs are unreasonably high for small firms. If the
compliance costs are at least in part fixed, small firms may bear a disproportionate
burden. The American Electronics Association (AEA) claims that Section 404
compliance costs serve as a " regressive tax on small business. " The purpose of this
study is to examine the market impact of the enactment of SOX, in an effort to determine
the market's reaction to the passage of this regulation with respect to firm size.
While the true costs of SOX compliance are not easy to measure, the benefits are even
more difficult to estimate. The promised benefits of SOX, which include more
transparent disclosure, improved corporate governance, and enhanced investor
confidence, are difficult to measure in the short run. Thus, to investigate the impact of
SOX on firms of different sizes, we use an event study analysis. Using an event study
methodology allows us to gauge, in a single framework, the market's perspective of the
benefits versus the costs of SOX. In particular, we find that small firms experienced a
much larger negative abnormal return on the day that Congress agreed on the passage of
SOX than did large firms. We find an almost monotony relationship between firm size
and adverse impact of SOX. In the next section, we discuss the major provisions of SOX,
and we detail some of the provisions that have resulted in the highest compliance costs.
In addition, we discuss how these costs are disproportionately burdensome to small firms.
11
Firms in the smallest market capitalization quintile have market capitalizations less than
$22.14 million, and firms in the largest quintile have market capitalizations over $2.45
billion. As a reference, firms in quintile 3 have market capitalizations between $70.9
million and $227 million. As can be seen in Exhibit 3, firms in the two smallest market
capitalization quintiles experienced the largest negative abnormal returns (i.e., the largest
adverse economic impact), while firms in the largest-volume quintile experienced slightly
positive abnormal returns. This indicates that small firms lost 3% of their value, while
large firms actually experienced a very small increase in value, while controlling for
general market movements on the day that the House and Senate agreed on the final SOX
legislation. These negative abnormal returns for small firms are both economically and
statistically significant, and provide evidence of an uneven burden borne by small firms.
Foley & Lardner Survey (2007): This annual study focused on changes in the total
costs of being a U.S. public company, which were significantly affected by SOX.
Such costs include external auditor fees, directors and officers (D&O) insurance,
board compensation, lost productivity, and legal costs. Each of these cost
categories increased significantly between FY2001-FY2006. Nearly 70% of
survey respondents indicated public companies with revenues under $251 million
should be exempt from SOX Section 404.
Zhang (2005): This research paper estimated SOX compliance costs as high as
$1.4 trillion, by measuring changes in market value around key SOX legislative
"events." This number is based on the assumption that SOX was the cause of
related short-duration market value changes, which the author acknowledges as a
drawback of the study.
This research paper indicated that SOX 404 indeed led to conservative reported
earnings, but also reducedrightly or wronglystock valuations of small firms.
Lower earnings often cause the share price to decrease(2007).
This research paper indicates that borrowing costs are lower for companies that
improved their internal control, by between 50 and 150 basis points (.5 to 1.5
percentage points) (2006).
The research paper indicates that corporations have improved their internal
controls and that financial statements are perceived to be more reliable.
After identification of a
14
This 5% rule is one of the quantitative tests performed by auditors to identify potential
areas of materiality that may require further evaluation. If an area is identified, it
prompts the need for further qualitative analysis.
Up until now a quantitative measure has not been available specifically for fixed assets.
However, AMR has accumulated actual statistics from the past sixteen years of client
engagements and has documented that the average unrecorded disposals are 1.5% of the
Net Book Value of Property, Plant and Equipment. Thus, applying the 5% rule, if the
value of the fixed asset calculation is greater than the 5% EBITA value, a materiality
issue may exist. The formula can be expressed as follows:
1.5 percent times the Net Book Value of Property, Plant and Equipment
5 percent of stabilized earnings before interest, taxes and allowances (EBITA)
After performing this calculation, if the ratio is greater than one (1), fixed assets is a
material consideration. This alone does not constitute a material weakness, but it does
suggest that a qualitative evaluation is warranted. This is the first step in determining if a
material weakness may exist.
The qualitative analysis evaluates whether the internal controls and business processes
are sound enough to ensure a material weakness does not exist. If the fixed asset
materiality ratio was greater than one (1) the relevance of this ratio takes into
consideration several qualitative possibilities:
1. A high property value due to large holdings of real estate, common in retail chains
and banks.
2. A highly capital intensive industry with extensive investment in machinery and
equipment.
3. Unrecorded disposals overstating the fixed asset balance.
4. And many others.
It should be noted that a material weakness may still exist even after the qualitative
analysis concludes that past practices and/or newly defined controls are not deficient.
One must answer the following:
Are internal controls and defined business processes sufficient to ensure the
published financial reports are accurate?
15
Are past business practices immune from further scrutiny after new procedures
But what if the quality of the data in the supporting financial systems is simply
poor?
Do the fixed asset financial records reflect what actually exists?
Are there unrecorded disposals or additions?
For fixed assets, the only definitive method to validate the quality of data in the system is
a physical inventory. An organization can institute documented business processes for
fixed asset management that meet or exceed Sarbanes-Oxley requirements, but until an
accurate baseline is established there may still be a material weakness. Validation of
fixed assets is the only definitive method to ensure that the improved business processes
and internal controls will deliver on the promise of accurate financial reporting.
By comparing the cost and benefit of a baseline physical inventory versus an evaluation
of internal controls; we can determine which gets the organization closer to SarbanesOxley compliance.
It is possible that an evaluation of internal controls will meet Sarbanes-Oxley compliance
requirements, but it does not mend bad legacy data from previous reporting periods. In
short, evaluating and instituting process improvements of internal controls alone does not
ensure a material weakness has been repaired. Conducting a baseline physical inventory
and instituting improved business processes, if needed, more effectively accomplishes the
quantitative and qualitative requirements to meet Sarbanes-Oxley compliance.
16
negative effect among small firms is consistent with these companies being less able to
absorb the incremental costs associated with SOX compliance. The screening of smaller
firms with weaker governance attributes from U.S. exchanges is consistent with the
heightened governance costs imposed by the Act increasing the bonding-related benefits
of a U.S. listing.
18
CHAPTER- 05
States may emulate Sarbanes-Oxley provisions in legislation targeting not-forprofit organizations--especially states that have experienced notorious not-for-
entity reporting;
Insurers may penalize entities that don't comply with Sarbanes-Oxley provisions;
and
Management and boards may institute some of these reforms as a type of "bestpractice" standards for not-for-profit governance.
19
material omission;
That the financial statements fairly present the financial condition of the
corporation;
That the certifying individuals have designed and evaluated systems of internal
controls to ensure that they are aware of material information concerning the
themselves to the same standard as their for-profit peers risk being perceived as having
betrayed the trust of their communities.
policies?
3. Will a natural disaster affect our security and IT assets? Take the time to write out
a few worst-case scenarios and the response your IT manager should take. If you
live in Bangladesh, for example, build IT security into your earthquake plan as
this time, earthquake risk is growing higher scale in Dhaka city. Make plans to
have this available to the next person in charge if youre away when disaster
strikes.
4. Be prepared for the unseen costs of a security breach. Discuss with your lawyer
how damages to your company from a security breach can show up as a
restatement. Some recompensable damages include:
22
5.
9.
24
the definitions of financial stewardship and personal accountability have been made more
explicit and the stakes significantly higher.
Private companies as well, although not legally obligated to comply with the Act, may
choose to adopt certain components as part of an overall plan to improve business
operations.
CHAPTER- 06
25
Section 302
This section is of course listed under Title III of the act, and pertains to 'Corporate
Responsibility for Financial Reports'.
Summary:
Periodic statutory financial reports are to include certifications that:
The signing officers have reviewed the report
The report does not contain any material untrue statements or material omission
or be considered misleading
The financial statements and related information fairly present the financial
condition and the results in all material respects
The signing officers are responsible for internal controls and have evaluated
these internal controls within the previous ninety days and have reported on their
findings
A list of all deficiencies in the internal controls and information on any fraud
that involves employees who are involved with internal activities
Any significant changes in internal controls or related factors that could have a
negative impact on the internal controls
Organizations may not attempt to avoid these requirements by reincorporating their
activities or transferring their activities outside of the United States
Section 401
This section is of course listed under Title IV of the act (Enhanced Financial
Disclosures), and pertains to 'Disclosures in Periodic Reports'.
Summary:
Financial statements are published by issuers are required to be accurate and presented in
a manner that does not contain incorrect statements or admit to state material information.
These financial statements shall also include all material off-balance sheet liabilities,
obligations or transactions. The Commission was required to study and report on the
extent of off-balance transactions resulting transparent reporting. The Commission is also
required to determine whether generally accepted accounting principles or other
regulations result in open and meaningful reporting by issuers.
26
Section 404
This section is listed under Title IV of the act (Enhanced Financial Disclosures), and
pertains to 'Management Assessment of Internal Controls'.
Summary
Issuers are required to publish information in their annual reports concerning the scope
and adequacy of the internal control structure and procedures for financial reporting. This
statement shall also assess the effectiveness of such internal controls and procedures.
The registered accounting firm shall, in the same report, attest to and report on the
assessment on the effectiveness of the internal control structure and procedures for
financial reporting.
Section 409
This section is listed within Title IV of the act (Enhanced Financial Disclosures), and
pertains to 'Real Time Issuer Disclosures'.
Summary
Issuers are required to disclose to the public, on an urgent basis, information on material
changes in their financial condition or operations. These disclosures are to be presented in
terms that are easy to understand supported by trend and qualitative information of
graphic presentations as appropriate.
Section 802
This section is listed within Title VIII of the act (Corporate and Criminal Fraud
Accountability), and pertains to 'Criminal Penalties for Altering Documents'.
Summary
This section imposes penalties of fines and/or up to 20 years imprisonment for altering,
destroying, mutilating, concealing, falsifying records, documents or tangible objects with
the intent to obstruct, impede or influence a legal investigation.
27
This section also imposes penalties of fines and/or imprisonment up to 10 years on any
accountant who knowingly and willfully violates the requirements of maintenance of all
audit or review papers for a period of 5 years operations and determine if they are
significant to the organization as a whole. Significant business units can include financial
business units or IT business units. The assessment of whether an IT business unit is
significant can be impacted by the materiality of transactions processed by the IT
business unit, the potential impact on financial reporting if an IT business unit fails and
other qualitative risk factors. The issue is that there are financial materiality and
significant risk considerations, quantitative and qualitative, and both aspects provide
focus.
28
"internal controls over financial reporting". Under both Section 302 and Section 404,
Congress directed the SEC to promulgate regulations enforcing these provisions.
External auditors are required to issue an opinion on whether effective internal control
over financial reporting was maintained in all material respects by management. This is
in addition to the financial statement opinion regarding the accuracy of the financial
statements. The requirement to issue a third opinion regarding management's assessment
was removed in 2007.
SarbanesOxley Section 404: Assessment of internal control
The most contentious aspect of SOX is Section 404, which requires management and the
external auditor to report on the adequacy of the company's internal control over financial
reporting (ICFR). This is the most costly aspect of the legislation for companies to
implement, as documenting and testing important financial manual and automated
controls requires enormous effort.
Under Section 404 of the Act, management is required to produce an internal control
report as part of each annual Exchange Act report. See 15 U.S.C. 7262. The report
must affirm the responsibility of management for establishing and maintaining an
adequate internal control structure and procedures for financial reporting. 15
U.S.C. 7262(a). The report must also contain an assessment, as of the end of the most
recent fiscal year of the Company, of the effectiveness of the internal control structure
and procedures of the issuer for financial reporting. To do this, managers are generally
adopting an internal control framework such as that described in COSO.
To help alleviate the high costs of compliance, guidance and practice have continued to
evolve. The Public Company Accounting Oversight Board (PCAOB) approved Auditing
Standard No. 5 for public accounting firms on July 25, 2007. This standard superseded
Auditing Standard No. 2, the initial guidance provided in 2004. The SEC also released its
interpretive guidance on June 27, 2007. It is generally consistent with the PCAOB's
guidance, but intended to provide guidance for management. Both management and the
external auditor are responsible for performing their assessment in the context of a top-
29
down risk assessment, which requires management to base both the scope of its
assessment and evidence gathered on risk. This gives management wider discretion in its
assessment approach. These two standards together require management to:
Assess both the design and operating effectiveness of selected internal controls
related to significant accounts and relevant assertions, in the context of material
misstatement risks;
Scale the assessment based on the size and complexity of the company;
30
centralized company costs were $1.3 million. Costs of evaluating manual control
procedures are dramatically reduced through automation.
SarbanesOxley 404 and smaller public companies
The cost of complying with SOX 404 impacts smaller companies disproportionately, as
there is a significant fixed cost involved in completing the assessment. For example,
during 2004 U.S. companies with revenues exceeding $5 billion spent 0.06% of revenue
on SOX compliance, while companies with less than $100 million in revenue spent
2.55%.
This disparity is a focal point of 2007 SEC and U.S. Senate action. The PCAOB intends
to issue further guidance to help companies scale their assessment based on company size
and complexity during 2007. The SEC issued their guidance to management in June,
2007.
After the SEC and PCAOB issued their guidance, the SEC required smaller public
companies (non-accelerated filers) with fiscal years ending after December 15, 2007 to
document a Management Assessment of their Internal Controls over Financial Reporting
(ICFR). Outside auditors of non-accelerated filers however opine or test internal controls
under PCAOB (Public Company Accounting Oversight Board) Auditing Standards for
years ending after December 15, 2008. Another extension was granted by the SEC for the
outside auditor assessment until years ending after December 15, 2009. The reason for
the timing disparity was to address the House Committee on Small Business concern that
the cost of complying with Section 404 of the SarbanesOxley Act of 2002 was still
unknown and could therefore be disproportionately high for smaller publicly held
companies. On October 2, 2009, the SEC granted another extension for the outside
auditor assessment until fiscal years ending after June 15, 2010. The SEC stated in their
release that the extension was granted so that the SECs Office of Economic Analysis
could complete a study of whether additional guidance provided to company managers
and auditors in 2007 was effective in reducing the costs of compliance. They also stated
that there will be no further extensions in the future.
31
CHAPTER- 07
32
33
The US Sarbanes-Oxley Act was passed in the wake of a myriad of corporate scandals.
What these scandals had in common was skewed reporting of selected financial
transactions. For instance, companies such as Enron, WorldCom and Tyco covered up or
misrepresented a variety of questionable transactions, resulting in huge losses to
stakeholders and a crisis in investor confidence. How did Congress think the Act would
address the problem? Sarbanes-Oxley aims to enhance corporate governance and s
strengthen corporate accountability. It does that by:
CHAPTER- 08
35
taking, and foster growth. Yet, even the most thoughtful and balanced legislation has its
limitations. In the wake of unprecedented corporate failures due to managerial fraud,
Congress passed the Sarbanes-Oxley Act of 2002 with the goal of rebuilding investor
confidence and protecting capital markets. The recent recovery leaves little doubt that
confidence has returned. However, whether the Act actually will protect financial markets
by efficiently providing long-term deterrents to fraud at public companies is a valid topic
of debate.
Executives who committed the numerous and exceptional frauds of 2001 and 2002
largely will be judged under laws existing prior to enactment of the Sarbanes-Oxley
legislation. Regardless, Congress, in a nod to confidence-building, properly inserted
additional governance and reporting safeguards into the Act. Certain requirements, such
as executive certification of public company financial statements, are designed to ensure
accountability for reported financial information. Congress also introduced mandates
designed to improve the independence and financial competence of public boards of
directors with a view towards better oversight of executive management. Still more
legislative changes targeted the public accountants, attorneys, banking analysts, and other
gatekeepers. The overriding goal was to provide better, more accurate information for
investors by shining enough light on these companies to make massive financial reporting
frauds harder to achieve without detection. Now the question becomes: Will this new
legislation prevent a future crisis?
To understand the limitations of the Sarbanes-Oxley Act, it is helpful to be aware of what
was in force prior to its adoption. After the stock market crash of 1929, Congress passed
the Securities Act of 1933 and the Securities Exchange Act of 1934 to address perceived
corporate abuse. A lack of transparency and fair dealing led Congress to pass these acts to
regulate the securities markets. The markets previously were regulated by a patchwork of
state laws that commonly were referred to as "blue sky" laws, many of which remain in
place today. The 1933 Act was passed to meet two basic objectives: it requires that
investors receive material information concerning securities being offered for public sale
and it prohibits deceit, misrepresentations, and other fraud in the sale of securities. This
legislation was designed to require issuers to disclose important information to investors
so that they could make informed decisions. The theory is that greater public disclosure is
36
bound to discourage bad behavior. As Supreme Court Justice Louis Brandeis stated,
"Sunlight is the best disinfectant."
Congress also passed the Banking Act of 1933 to address harm caused by banks to the
investing public. In short, the Act was designed to prevent banks from selling securities,
thereby preventing them from peddling their soured investments to the public. There were
certain sections of the Act, referred to as Glass-Steagall, which prohibited commercial
banks from owning investment hanks and vice versa. For years, this was viewed as an
overly broad approach to a specific problem, yet was not addressed until passage of the
Gramm-Leach-Bliley Act of 1999.
The Securities Exchange Act of 1934 extended regulation to trading as well as securities
already issued. The Act created the Securities and Exchange Commission (SEC) and
empowered it with extensive regulatory authority over all aspects of the securities
industry and markets. Additionally, the Act requires issuers to provide information to the
marketplace by filing annual and quarterly reports. Finally, there are provisions that
prohibit fraudulent activities that cheat investors.
In response to investment company abuses, Congress again acted to minimize conflicts of
interest that arise in the operations of these companies. In 1940, the Investment Company
Act and Investment Advisors Act were passed to regulate firms that exist primarily to
invest in securities of other companies. Mutual funds are one type of investment firm
covered. This legislation included vital anti-fraud provisions for all those who meet the
definition of an investment advisor.
Despite previous legislation and Federal oversight, the savings and loan industry
experienced a crisis in the late 1980s that led to even more regulation. The Financial
Institutions Reform, Recovery and Enforcement Act of 1989 was passed to "restore the
public's confidence in the savings and loan industry." Deposit insurance and the system of
oversight were restructured to reinforce the safety of deposits, and the Resolution Trust
Corporation was created to dispose of the assets of failed institutions. Congress later
added the Comprehensive Thrift and Bank Fraud Prosecution Act of 1990 to expand the
authority of Federal regulators to combat financial fraud.
Not all structural changes were initiated by government, however, as market pressures
also can have a positive impact on corporate governance. By example, shareholder
37
activists waged battles with corporations throughout the 1990s. They fought against
poison pills (corporate actions that prevent an unsolicited takeover) and brought about
greater transparency for boards and regulators by attacking secret executive
compensation.
All of this previous legislation and private sector action had the desired effect of restoring
confidence in companies and the financial system at a critical time, and still have some
influence today. Nonetheless, these efforts did not prevent the crises that followed.
Corporate legislation has a sort of biological clock where its impact is maximized shortly
after it is enacted. Over time, the ability of new legislation to restore and maintain
confidence in public markets will fade and deterrents will weaken as the disposed learn
new ways to sidestep the installed safeguards. When the next massive fraud surfaces,
legislation again will be considered to reassure the nation and instill confidence in
markets. This can be a virtuous cycle as long as the imposed regulations do more good
than harm. Just as good legislation can contribute to confidence-building, overly
burdensome regulation can result in a loss of American initiative and competitiveness.
The Sarbanes-Oxley Act was designed to address specific abuses relevant to the latest
generation of frauds. Its focus is on corporate financial reporting and the related
responsibilities of the nation's gatekeepers. At WorldCom, the appearance of corporate
health was accomplished by passing top-side entries that turned expenses into assets. This
is relatively simple to execute. Even less complicated is to omit the disclosure of
liabilities altogether, as was the case at Adelphia Communications. On the other hand,
Enron constructed a false picture of financial health by transferring assets through a
sophisticated network of entities that had the effect of masking tree performance and
impairment of these assets. Regardless of the specific methodology, each company
managed to present a bankrupt company as a healthy going concern through manipulation
of its financial statements.
Prosecuting executives
38
The prosecution of the executives of these firms largely is occurring under a number of
laws that existed prior to the passage of the Sarbanes-Oxley Act. Nevertheless, there
seems to be no shortage of statutes on which to base indictments. In fact, one of the first
major cases utilizing the deterrents built into the Sarbanes-Oxley Act is the muchanticipated prosecution of Richard Scrushy, the former chairman and CEO of
HealthSouth Corporation, among the nation's largest health care providers. In the original
85-count indictment brought by the Department of Justice is the prosecution's allegation
that Scrushy personally certified financial statements filed with the SEC that he knew to
be false. This count, made available by the Sarbanes-Oxley Act, together with the other
counts, means that, if convicted of all of the current charges, Scrushy could have been
sentenced to up to 650 years in jail, been required to pay $36,000,000 in fines, and have
had to forfeit over $275,000,000 of real estate, airplanes, yachts, and other property.
Interestingly, false certification under the Sarbanes-Oxley Act only counts for about 20 of
the 650 possible years of jail time. As this case goes to trial, prosecutors have refined
their charges by focusing on 45 of the strongest counts, including false certification of
financial statements under Sarbanes-Oxley.
So what did Scrushy do to run so afoul of the government? Prosecutors contend that he
devised a scheme to ensure that HealthSouth would make sufficient net income to meet
the expectations of Wall Street analysts without regard to true operating performance.
CHAPTER- 09
Criticism
Congressman Ron Paul and others contend that SOX was an unnecessary and costly
government intrusion into corporate management that places U.S. corporations at a
competitive disadvantage with foreign firms, driving businesses out of the United States.
In an April 14, 2005 speech before the U.S. House of Representatives, Paul stated, "These
regulations are damaging American capital markets by providing an incentive for small
US firms and foreign firms to deregister from US stock exchanges. According to a study
39
40
creation of new public companies in America, hamstrung the NYSE and Nasdaq and cost
U.S. industry more than $200 billion by some estimates."
Previously the number of IPOs had declined to 87 in 2001, well down from the highs, but
before SarbanesOxley was passed. In 2004, IPOs were up 195% from the previous year
to 233.. There were 196 IPOs in 2005, 205 in 2006 (with a sevenfold increase in deals
over $1 billion) and 209 in 2007.
Praise
Former Federal Reserve Chairman Alan Greenspan praised the SarbanesOxley Act: "I
am surprised that the SarbanesOxley Act, so rapidly developed and enacted, has
functioned as well as it has...the act importantly reinforced the principle that shareholders
own our corporations and that corporate managers should be working on behalf of
shareholders to allocate business resources to their optimum use.
SOX has been praised by a cross-section of financial industry experts, citing improved
investor confidence and more accurate, reliable financial statements. The CEO and CFO
are now required to unequivocally take ownership for their financial statements under
Section 302, which was not the case prior to SOX. Further, auditor conflicts of interest
have been addressed, by prohibiting auditors from also having lucrative consulting
agreements with the firms they audit under Section 201. SEC Chairman Christopher Cox
stated in 2007: "SarbanesOxley helped restore trust in U.S. markets by increasing
accountability, speeding up reporting, and making audits more independent."
The FEI 2007 study and research by the Institute of Internal Auditors (IIA) also indicate
SOX has improved investor confidence in financial reporting, a primary objective of the
legislation. The IIA study also indicated improvements in board, audit committee, and
senior management engagement in financial reporting and improvements in financial
controls.
Financial restatements increased significantly in the wake of the SOX legislation and
have since dramatically declined, as companies "cleaned up" their books. Glass, Lewis &
Co. LLC is a San Francisco-based firm that tracks the volume of do-overs by public
41
companies. Its March 2006 report, "Getting It Wrong the First Time," shows 1,295
restatements of financial earnings in 2005 for companies listed on U.S. securities
markets, almost twice the number for 2004. "That's about one restatement for every 12
public companiesup from one for every 23 in 2004," says the report.
Legal challenges
A lawsuit (Free Enterprise Fund v. Public Company Accounting Oversight Board) was
filed in 2006 challenging the constitutionality (legality) of the PCAOB. The complaint
argues that because the PCAOB has regulatory powers over the accounting industry, its
officers should be appointed by the President, rather than the SEC. Further, because the
law lacks a "severability clause," if part of the law is judged unconstitutional, so is the
remainder. If the plaintiff prevails, the U.S. Congress may have to devise a different
method of officer appointment. Further, the other parts of the law may be open to
revision. The lawsuit was dismissed from a District Court; the decision was upheld by the
Court of Appeals on August 22, 2008. Judge Kavanaugh, in his dissent, argued strongly
against the constitutionality of the law. On May 18, 2009, The United States Supreme
Court agreed to hear this case. On December 7, 2009, The United States Supreme Court
heard the oral arguments for this case.
CHAPTER- 10
Conclusion
The accounting industry has, as a whole, endured quite a lot of publicity in recent years.
Accounting scandals at mega-corporations likes Tyco, Enron, and WorldCom have all
made the public painfully aware of the limitations of internal accounting practices and the
apparent ease with which corporate executives can manipulate the industry and report
false financial information. In light of that limitation, the United States government
43
passed the Sarbanes-Oxley Act (SOX) in 2002, which was primarily intended to restore
the public's trust in public accounting.
However, the act has had farther-reaching implications for the industry, the policy that
was made with it spilling over into private accounting firms, implicating corporate social
responsibility, and affecting the financial bottom lines of corporations and accounting
firms. An over-arching public company accounting board was also established by the act,
which was introduced amidst a host of publicity.
So unless we are planning on taking our small company public very soon, SarbanesOxley probably won't have any repercussions for the business. However, if we are an
investor, SOX might allow us to sleep a little easier.
References
1. Sarbanes Interview.
2. SEC Annual Budget.
3. http://www.hoovers.com/ business-information.
4. http://www.allbusiness.com.
5. http://www.sarbanes-oxley.com.
6. http://www.kesdee.com/html/sarbanesoxley.html.
44
45