What is the Sarbanes-Oxley Act 2002?

Background to the Sarbanes-Oxley Act

  • The Act is mandatory for any company with a US stock exchange listing.The Act created a Public Company Accounting Oversight Board (PCAOB) and enhanced the scope of Corporate responsibilities and the role of auditors and audit committees.Further, this act recommended complete and accurate disclosures in financial statementsFinancial StatementsFinancial statements are written reports prepared by a company’s management to present the company’s financial affairs over a given period (quarter, six monthly or yearly). These statements, which include the Balance Sheet, Income Statement, Cash Flows, and Shareholders Equity Statement, must be prepared in accordance with prescribed and standardized accounting standards to ensure uniformity in reporting at all levels.read more and stipulated various penalties in the corporate sector for wrong or fraudulent financial information.

You are free to use this image on you website, templates, etc., Please provide us with an attribution linkHow to Provide Attribution?Article Link to be HyperlinkedFor eg:Source: Sarbanes-Oxley Act (SOX) (wallstreetmojo.com)

Components of Section 404 of the Sox Act, 2002

Section 404 of the Act requires that annual financial statementsAnnual Financial StatementsAnnual Financial Statements refers to the annual presentation of the entity’s financial performance comprising a Balance Sheet, statement of profit and loss, statement of changes in equity, cash flow statement, and notes to the financial statements. It provides information to the stakeholders for making financial decisions about the business.read more must include:

  • A statement asserts management’s responsibility for the effectiveness of internal controls over financial reporting.Management conclusion on the effectiveness of internal controls over financial reportingFinancial ReportingFinancial reporting is a systematic process of recording and representing a company’s financial data. The reports reflect a firm’s financial health and performance in a given period. Management, investors, shareholders, financiers, government, and regulatory agencies rely on financial reports for decision-making.read moreDisclosure of any material weakness.An attestation by our external auditors on the effectiveness of internal controls over financial reporting.

Consequences

  • Criminal penalties – whoever:
  • certifies an inaccurate statement in the annual reportAnnual ReportAn annual report is a document that a corporation publishes for its internal and external stakeholders to describe the company’s performance, financial information, and disclosures related to its operations. Over time, these reports have become legal and regulatory requirements.read more will be fined up to US$1,000,000 or 10 years imprisonment OR BOTH
  • wilfully certifies an inaccurate statement in the annual report will be fined up to US$5,000,000 or 20 years imprisonment OR BOTH
  • Reputational damageFines/PenaltiesShare value diminution

Six Steps of Annual Sarbanes Oxley Sox Act

How do we do Operating Effectiveness Testing of Sox Controls?

  • Evaluating whether the control addresses the risks of material misstatement to the relevant assertions as intended;Evaluating whether the use of prior year and forecast information is an appropriate basis for Establishing expectations to identify potential misstatements;Evaluating whether the criteria used for identifying differences for investigation are set at an appropriate level to enable the control operator to detect misstatements that could be material to the financial statements, individually or in combination with other misstatements;Evaluating the competencies of the control operator;Evaluating whether the control operates often enough to prevent or detect misstatements before they have a material effect on the financial statements;For selected operations of the control, obtaining the information used by the control operator in the analysis, understanding the steps performed by the control operator to investigate significant differences, reperforming the analysis;

Advantages

  • The most significant advantage of this act is that Sox-covered companies can’t hide anything material from the shareholders and various stakeholders because a third party is verifying the financial statements.The second most significant advantage is increased emphasis on internal controls within an organization with proper design effectiveness assessment and operating effectiveness testing of each control.

Disadvantages/Limitations

  • The most significant disadvantage is the additional cost burden on smaller companies because the Sox act doesn’t prescribe any thresholds for smaller and larger companies. While larger companies might have various resources to be Sox compliant at no additional cost, smaller companies bear the brunt of additional compliance costs.Another disadvantage is the increased compliance fee being paid to external auditors appointed by the company due to additional compliance procedures during Sox audits.

Essential Points to Note about Change in Sarbanes Oxley Act

Sarbanes Oxley Act of 2002 (SOX) laws have undergone many changes in the last 15 years to plug all the loopholes and improve compliance by companies. While we look ahead to the next 15 years, there is a need for auditorsAuditorsAn auditor is a professional appointed by an enterprise for an independent analysis of their accounting records and financial statements. An auditor issues a report about the accuracy and reliability of financial statements based on the country’s local operating laws.read more, companies, regulators, and various stakeholders to keep up with the market scenarios’ changes, which are very dynamic. There are numerous new areas to ponder, such as technology in audits, financial reporting standards, and smoother reporting.

  • certifies an inaccurate statement in the annual reportAnnual ReportAn annual report is a document that a corporation publishes for its internal and external stakeholders to describe the company’s performance, financial information, and disclosures related to its operations. Over time, these reports have become legal and regulatory requirements.read more will be fined up to US$1,000,000 or 10 years imprisonment OR BOTH

  • wilfully certifies an inaccurate statement in the annual report will be fined up to US$5,000,000 or 20 years imprisonment OR BOTH

  • Scoping To meet S404 requirements, management must identify the scope of internal controlsScope Of Internal ControlsInternal control in accounting refers to the process by which a company implements various rules, policies, or procedures to ensure the accuracy of accounting and finance information, safeguard the various assets of the business, promote accountability in the business, and prevent the occurrence of frauds in the company.read more over financial reporting and the activities required to achieve compliance. It involves defining the materiality thresholds and identifying those processes and controls that must be tested to provide evidence of the effectiveness of the ICOFR. For Example, key Sox processes include disclosures, liquidity and segment reportingSegment ReportingSegment Reporting is the disclosure of financial details of key units or segments by public companies and is based on certain regulatory requirements. read more, Fair Value Disclosures, etc. Documentation Documentation should cover identified critical financial reporting risks and key controls and evidence to support the effective operation of critical controls. Testing To support an opinion on the effectiveness of ICOFR, management must perform a design effectiveness assessment (DEA) of in-scope processes and operational effectiveness tests (OET) of SOX Controls. Issue Evaluation All open issues impacting ICOFR must be assessed to determine their potential impact and probability of causing a material misstatement in the financial statements. Remediation Issue owners must prioritize control issues for remediation based on the classification of the problem. They must devise a remediation plan and manage the implementation, and once an issue is remediated, the controls must be retested to ensure the underlying issue has been successfully addressed. Evaluation of the Effectiveness of the ICOFR Management’s review of S404 Control issues supports the annual conclusion on the effectiveness of the ICOFR. This review is completed throughout the year, and the same is disclosed through an annual attestation in the director’s report section of the Annual Report.

To meet S404 requirements, management must identify the scope of internal controlsScope Of Internal ControlsInternal control in accounting refers to the process by which a company implements various rules, policies, or procedures to ensure the accuracy of accounting and finance information, safeguard the various assets of the business, promote accountability in the business, and prevent the occurrence of frauds in the company.read more over financial reporting and the activities required to achieve compliance. It involves defining the materiality thresholds and identifying those processes and controls that must be tested to provide evidence of the effectiveness of the ICOFR. For Example, key Sox processes include disclosures, liquidity and segment reportingSegment ReportingSegment Reporting is the disclosure of financial details of key units or segments by public companies and is based on certain regulatory requirements. read more, Fair Value Disclosures, etc.

Documentation should cover identified critical financial reporting risks and key controls and evidence to support the effective operation of critical controls.

To support an opinion on the effectiveness of ICOFR, management must perform a design effectiveness assessment (DEA) of in-scope processes and operational effectiveness tests (OET) of SOX Controls.

All open issues impacting ICOFR must be assessed to determine their potential impact and probability of causing a material misstatement in the financial statements.

Issue owners must prioritize control issues for remediation based on the classification of the problem. They must devise a remediation plan and manage the implementation, and once an issue is remediated, the controls must be retested to ensure the underlying issue has been successfully addressed.

Management’s review of S404 Control issues supports the annual conclusion on the effectiveness of the ICOFR. This review is completed throughout the year, and the same is disclosed through an annual attestation in the director’s report section of the Annual Report.

Conclusion

This has been a guide to What is the Sarbanes Oxley Act 2002 (SOX) and its Definition. Here are six steps of the annual Sarbanes Oxley Act (SOX) and its components, examples, advantages, and disadvantages. You can learn more about accounting from the following articles –

  • Compliance AuditAdverse OpinionProxy FightGenerally Accepted Accounting Principles