The Sarbanes-Oxley Act 2002 Summary

The Sarbanes-Oxley Act of 2002 is a law passed by the U.S. Congress on July 30, 2020 to protect investors from corporate fraud. Also known as the SOX Act of 2002 and the Corporate Responsibility Act of 2002, it is enforced by the Securities and Exchange Commission; it imposed strong penalties for non-compliance and gave job protection to whistleblowers. The Public Company Accounting Oversight Board was created to oversee the accounting industry. The Act has been an effective way of making sure that all publicly traded companies are operating fairly and above board. All publicly traded companies in the United States, including wholly-owned subsidiaries and foreign companies that are publicly traded and do business in the United States, are subject to SOX compliance.

Under the Sarbanes-Oxley Act, companies are required to perform a fraud risk assessment and assess related controls. This normally includes identifying a series of events in which loss, theft, or fraud could occur and determining whether the existing control procedures effectively manage the risk to an acceptable level. The risk of senior management manipulating financial reporting is also a key area of focus in fraud risk assessment.

Penalties for non-compliance with SOX can include:

  • Fines
  • Removal from listings on public stock exchanges
  • Invalidation of Directors and Officers (D&O) insurance policies

The highlights of the most important Sarbanes-Oxley sections for compliance are listed below.

Section 302 - Corporate Responsibility for Financial Reports

This section of the SOX Act 2002 relates to a company’s financial reporting. It requires the company’s CEO and CFO to personally review all financial reports and verify the completeness and accuracy of all the records. They must accept personal responsibility for all internal controls and confirm that they have reviewed these controls in the past 90 days.

SOX Section 401 - Disclosures in Periodic Reports

This section of the SOX Act 2002 requires that all financial statements published by issuers be faultless and be presented so that they contain no misinformation and do not omit to state material information. These financial statements shall also include all material off-balance sheet liabilities, obligations, or transactions. The commission is required to report on the extent of off-balance sheet transactions resulting in transparent reporting.

SOX Section 404 - Management Assessment of Internal Controls

This section of the Act states that quarterly updates and annual financial reports must be provided to the shareholders and the SEC, including an internal control report stating management’s responsibility for a seamless internal control structure and for maintaining the effectiveness of that structure. It also requires a company to have an annual external audit of all internal controls and their effectiveness. The findings of such an audit should be reported directly to the SEC.

SOX Section 409 - Real Time Issuer Disclosures

This section of the Sarbanes-Oxley Act (SOX) states that organizations are required to disclose information on any material changes in their financial condition or operations to the shareholders on an almost real-time and urgent basis.

SOX Section 802 - Criminal Penalties for Altering Documents

The alteration or destruction of financial documents is punishable under Section 802 of the Sarbanes-Oxley Act (SOX). CEOs or CFOs who willfully alter, destroy, mutilate or falsify records can face a fine of up to $5 million or up to 20 years of imprisonment. Accountants who knowingly and willfully violate the obligation to maintain records for 5 years will also face up to 10 years of imprisonment.

SOX Section 902 - Attempts & Conspiracies to Commit Fraud Offenses

Under Section 902 of the Sarbanes-Oxley Act (SOX), any person who knowingly alters, destroys, mutilates, or conceals any document with the intent to impede, obstruct, or influence the investigation or proper administration of an object's integrity or availability for use in an official proceeding can be fined and/or imprisoned for up to 20 years.

SOX Section 906 - Corporate Responsibility for Financial Reports

Section 906 addresses criminal penalties for certifying a misleading or fraudulent financial report. Under SOX 906, penalties can be upwards of $5 million in fines and 20 years in prison.

Why SOX Compliance Training

Offering SOX compliance training to finance staff contributes to ensuring compliance. It can help businesses avoid mistakes that could lead to penalties and also increase the operational effectiveness of the staff. SOX compliance training helps employees understand the basic requirements as well as small details that have a significant impact on the business.

With the evolution of online technologies, eLearning has contributed to providing SOX compliance training for employees. eLearning provides a cost-effective and favorable opportunity for students that can be implemented easily and in less time.

SOX implementation has strengthened the public market. A company’s SOX compliance conveys financial assurance in publicly traded companies, which stimulates investor confidence and market certainty. SOX compliance benefits companies by helping them predict the standard they will be held to. For a risk assessment to succeed, it is important to identify its focus and then define the risk parameters. A focused risk assessment means understanding the landscape of the organization’s risk exposure and controls. By learning which areas do not need to be SOX compliant, companies can focus their efforts on the in-scope areas presenting the greatest risk.

SOX compliance provides the organization with better control awareness for financial success. A SOX assessment gives auditors and management a focused and clear picture of internal controls and ensures that they put more effort into the activities that are important to financial reporting.

Internal auditors responsible for SOX assessment must collaborate with the owners or contributors to financial and information controls. SOX requirements encourage building stronger working relationships across teams.