Sie sind auf Seite 1von 21

Sarbanes Oxley Act

Introduction to SOx
Why SOx
• Enron files for bankruptcy with $62.8
billion in assets
• WorldCom $107 billion – Largest
Bankruptcy in History
• Thousands of Investors lost Billions of
Dollars and Trillions in Confidence
• Demise of Arthur Andersen
Who are Sarbanes & Oxley
• Paul S Sarbanes – Senator from Maryland
• Michael G. Oxley Congressman fromO
Ohio
What is SOx
• Sarbanes Oxley Act 202
• Public Company Accounting Reform and
Investor Protection Act (PCARIPA) of
2002
Preamble to SOx Act 2002
To protect investors by improving the
accuracy and reliability of corporate
disclosure made pursuant to the securities
laws, and for other purposes
Who has to comply?
• Any company that list securities in US
– Large & Mid-size companies (accelerated
filers)
– Small companies (non-accelerated filers)
• Domestic (US Based)
• Foreign (ADR issuer)
Impact of SOx
• Big spending to meet compliance
requirement
• Delayed earnings report
• More accurate reporting
• Better internal control
The Act
• Component Sections
– Title I: Public Company Accounting Oversight 101-109
– Title II: Auditors Independence 201-209
– Title III Corporate Responsibility 301-308
– Title IV: Enhanced Financial Disclosure 401-409
– Title V: Analyst Conflict of Interest 501
– Title VI: Commission Resources and Authority 601-604
– Title VII: Studies and Report 701-705
– Title VIII: Corporate and Criminal Fraud 801-807
– Title IX: White-Collar Crime Penalty 901-906
– Title X: Corporate Tax Return 1001
– Title XI: Corporate Fraud and Accountability 1101-1107
Title I: PCAOB
• SOx created Public Accounting Overview Board
(PCAOB)
• PCAOB replaces AICPA for setting public
accounting auditing standards
• The Task:
– Register public accounting firms
– Set and enforce auditing standards
– Enforce Compliance
– Investigates claims and bring forth disciplinary claims
Title II: Auditor Independence
• External Auditor can not:
– Perform internal audit functions
– Install financial systems
– Provide financial statement of bookkeeping
services
– Move own company personnel into corporate
positions
– Provide investment or auditing legal services
Title VIII: Corporate Fraud
• Section 806: Whistleblower Protection
– Prohibits retaliatory action
– Ensure anonymity
– Emphasizes “Tone and the Top”
Title III: Corporate Responsibility

• Section 301: Audit Committee


– Free and independent Board Member
– Must contain a “financial expert”
– Develop an Audit Committee charter
– Control all audit functions
– Work with external auditor to ensure
compliance with SOx
Title III: Corporate Responsibility

Section 302 Financial Responsibility


• CEO/CFO certify that:
– Has reviewed the financial report
– The report contains no omissions or
misstatement of material facts
– The report fairly represent the financial
conditions
Title III: Corporate Responsibility

Section 302 Internal Control Certification


• CEO/CFO certify he/she responsibility for:
– Designing the internal control system
– Designing disclosure controls and procedures
– Evaluating the effectiveness of the internal
and disclosure controls
– Disclosing to the auditors and committee
• All significant deficiencies
• Any fraud involving internal control
Title III: Corporate Responsibility

Section 302 Internal Control Certification


• Penalty for false certification:
– $1mil and/or up to 10 years for “knowing” of a
violation
– $5mil and/or up to 20 years for “willing” of a
violation
Title IV: Enhanced Financial
Disclosure
• Code of Ethics for Financial Officers
• Periodic report disclosures
• Internal control management (see 404)
• Real time financial statement disclosures
(sec 409)
Internal Controls
What is Internal Control
“The policies, procedures, practices, and
organizational structures designed to
provide reasonable assurance that business
objectives will be achieved and that
undesired events will be prevented, or
detected and corrected”
Purpose of Internal Controls
• Aid in achieving organization’s goals and
objectives
• Assist in reliability financial reporting and
compliance
• Lead organization through its day-to-day
operations providing”
– Rules or guidelines for activities
– Identifying and mitigating risks
Section 404a: Internal Control
• Internal Control must be:
– Established
– Maintained
– Analyzed
– Assessed for effectiveness
• CEO and CFO certify internal controls are
sufficient and have been monitored within
90 days of report filling
Section 404b: Audit of Internal
Control
• Report attesting to the effectiveness of
internal controls required per fiscal year
• Material changes in internal control
system must be reported every quarter
• The report must address:
– The design of the system
– The effectiveness
– Proof of actual tests on the controls and the
result