You may not believe that there's a fun and easy way to comply with Sarbanes-Oxley, but once you have Sarbanes-Oxley For Dummies, Second Edition in front of you, you're sure to change your mind. This friendly guide gets you quickly up to speed with the latest SOX legislation and shows you safe and effective ways to reduce compliance costs. In plain English, this completely reliable handbook walks you through the new and revised SOX laws, introduces compliance strategies for changed and unchanged guidelines, and gives you an effective framework for implementation. You'll find out how to create an efficient audit committee, purchase and use SOX software solutions, and make practical, cost-effective decisions in your initial compliance year and beyond. You'll also find proven strategies for staying public or going private and learn how to deal with all those SOX forms. Discover how to:
* Establish SOX standards for IT professionals
* Minimize compliance costs in every area of your company
* Survive a Section 404 audit
* Avoid litigation under SOX
* Anticipate future rules and trends
* Create a post-SOX paper trail
* Bolster your company's standing and reputation
* Work with SOX in a small business
* Meet new SOX standards
* Build a board that can't be bought
* Comply with all SOX management mandates
Complete with invaluable tips on how to form an effective audit committee, Sarbanes-Oxley For Dummies is the resource you need to keep your SOX clean.
Page count: 496
Year of publication: 2011
by Jill Gilbert Welytok, JD, CPA
Sarbanes-Oxley For Dummies, Second Edition®
Published by Wiley Publishing, Inc., 111 River St., Hoboken, NJ 07030-5774, www.wiley.com
Copyright © 2008 by Wiley Publishing, Inc., Indianapolis, Indiana
Published by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400, fax 978-646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, 201-748-6011, fax 201-748-6008, or online at http://www.wiley.com/go/permissions.
Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services, please contact our Customer Care Department within the U.S. at 877-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002.
For technical support, please visit www.wiley.com/techsupport.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.
Library of Congress Control Number: 2008920765
ISBN: 978-0-470-22313-0
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2
Jill Gilbert Welytok, JD, CPA, LLM, practices in the areas of corporate, nonprofit law, and intellectual property. She is the founder of Absolute Technology Law Group, LLC (www.abtechlaw.com). She went to law school at DePaul University in Chicago, where she was on the Law Review, and she picked up a Masters Degree in Computer Science from Marquette University in Wisconsin, where she now lives. Ms. Welytok also has an LLM in Taxation from DePaul. She was formerly a tax consultant with the predecessor firm to Ernst & Young. She frequently speaks on nonprofit, corporate governance, and taxation issues and will probably come speak to your company or organization if you invite her. You may e-mail her with questions you have about Sarbanes-Oxley or anything else in this book at [email protected]. You can find updates to this book and ongoing information about SOX developments at the author’s Web site, located at www.abtechlaw.com.
To Dan.
Several exceptional professionals (whom I call The SOX SWAT Team) contributed their time and expertise reviewing and making technical edits to this book. Feel free to e-mail or call them with questions you may have about Sarbanes-Oxley that weren’t answered in this book.
Amy R. Seibel. Amy is an attorney and a CPA with Absolute Technology Law Group, LLC. Amy is an AV-rated attorney (highest rating available for lawyers) with more than 25 years of experience in legal, business, tax, and financial matters. She has practical experience as well, having previously served as CEO/CFO for two separate manufacturing businesses. More recently, she assisted several large public companies in the documentation, testing, and remediation phases of their SOX internal controls compliance initiatives. She also served as a technical editor for Nonprofit Law & Governance For Dummies. She is past president of the Association for Women Lawyers and past chairman of the Wisconsin and Milwaukee Bar Association Tax Sections.
Richard Kranitz, JD — Kranitz & Philipp. Rich has been an attorney in private practice since 1970, emphasizing securities, banking, and business law. He has served as venture capital consultant to, and director of, various private companies and a number of professional, civic, and charitable organizations.
Ronald Kral, CPA, CMA — Candela Solutions, LLC. Ron knows auditing and consulting well, having assisted more than 200 clients as a Principal Consultant at PricewaterhouseCoopers and Managing Director of a statewide CPA firm, where he worked extensively with Ernst & Young. Ron is a nationally recognized speaker on governance, business ethics, internal controls, and the Sarbanes-Oxley Act of 2002, including the COSO and COBIT frameworks, NYSE and NASDAQ requirements, PCAOB standards, and SEC regulations. Ron is also a Director of Financial Executives International’s Milwaukee Chapter. He can be reached at [email protected].
Anna Klement. Anna has completed coursework in computer engineering at the Milwaukee School of Engineering and also has a journalism degree from the University of Wisconsin-Milwaukee. Anna also has three years of experience as an IBM applications developer at a major Milwaukee-based food manufacturing firm, along with various freelance projects including Web and graphic design and technology consulting.
Daniel S. Welytok, JD, LLM — Whyte Hirschboeck Dudek S.C. Dan is a partner in the business practice group of Whyte Hirschboeck Dudek S.C., where he concentrates in the areas of taxation and business law. Dan advises clients on strategic planning, federal and state tax issues, transactional matters, and employee benefits. He represents clients before the IRS and state taxing authorities concerning audits, tax controversies, and offers in compromise. He has served in various leadership roles in the American Bar Association and as Great Lakes Area liaison with the IRS. He can be reached at [email protected].
We’re proud of this book; please send us your comments through our Dummies online registration form located at www.dummies.com/register/.
Some of the people who helped bring this book to market include the following:
Acquisitions, Editorial, and Media Development
Project Editor: Natalie Faye Harris
(Previous Edition: Tim Gallan)
Acquisitions Editor: Lindsay Lefevere
(Previous Edition: Kathy Cox)
Copy Editor: Jessica Smith
(Previous Edition: Elizabeth Rea)
Editorial Program Coordinator: Erin Calligan Mooney
Technical Editor: Amy Seibel
Editorial Manager: Christine Beck
Editorial Assistants: Leeann Harney, David Lutton, Joe Niesen
Cartoons: Rich Tennant (www.the5thwave.com)
Composition Services
Project Coordinator: Kristie Rees
Layout and Graphics: Stacie Brooks, Alissa D. Ellet, Melissa K. Jester, Christine Williams
Proofreaders: John Greenough, Todd Lothery, Toni Settle
Indexer: WordCo Indexing Services
Publishing and Editorial for Consumer Dummies
Diane Graves Steele, Vice President and Publisher, Consumer Dummies
Joyce Pepple, Acquisitions Director, Consumer Dummies
Kristin A. Cocks, Product Development Director, Consumer Dummies
Michael Spring, Vice President and Publisher, Travel
Kelly Regan, Editorial Director, Travel
Publishing for Technology Dummies
Andy Cummings, Vice President and Publisher, Dummies Technology/General User
Composition Services
Gerry Fahey, Vice President of Production Services
Debbie Stailey, Director of Composition Services
Title
Introduction
About This Book
Conventions Used in This Book
What You’re Not to Read
Foolish Assumptions
How This Book Is Organized
Icons Used in This Book
Where to Go from Here
Feedback, Please
Part I: The Scene Before and After SOX
Chapter 1: The SOX Saga
Plowing Through the Politics of SOX
Combating Corruption under SOX: Everyone Has a Role
A Summary of SOX: Taking It One Title at a Time
Some Things SOX Doesn’t Say: SOX Myths
Chapter 2: SOX in Sixty Seconds
Reestablishing Control after the Scandals
Four Squeaky Clean SOX Objectives
How SOX Protects the Investing Public
Rapid Rulemaking Regrets
Chapter 3: SOX and Securities Regulations
Pre-SOX Securities Laws
The Scope of SOX: Securities and Issuers
The Post-SOX Paper Trail
Behind the 8-K Ball after SOX
Annual SEC Scrutiny after SOX
Why Privately Held Companies Care about SOX
Chapter 4: SOX and Factual Financial Statements
Auditing the Auditors: 2007 Guidance from the SEC
SOX’s Recipe for Seeking Out Cooked Books
Finding Financial Information
Accessing Annual Reports
Surfing SEC Filings
Chapter 5: What’s New for Non-Accelerated Filers
A SOX Update for Small Companies
Getting the Auditor’s Opinion
Part II: SOX in the City: Meeting New Standards
Chapter 6: A New Audit Ambience
How SOX Rocks the Accounting Profession
An Example of Audit Failure: Arthur Andersen
SOX as a Substitute for Self-Regulation
Is There an Independent Auditor in the House?
What SOX Says to CPAs
Section 404: The Sin Eater Provision
Chapter 7: A Board to Audit the Auditors
Taking a New Approach to Audit Oversight
Primary Purposes of the PCAOB
Some Practical PCAOB Matters
PCAOB Rules: Old Meets New
Evolving PCAOB Policies and Issues
When the PCAOB Doesn’t Perform
Struggling for Standards
Chapter 8: The Almighty Audit Committee
Deliver or Delist: Rules of the Stock Exchanges
From the Audit Committee Annals
Starting with a Charter
The Audit Committee Interface
Some Stricter NYSE Rules
Membership Requirements
Day-to-Day Committee Responsibilities
Chapter 9: Building Boards That Can’t Be Bought
Some Background about Boards
In Search of Independent Directors
Forming Committees for Nominating Directors
Regulating Director Compensation
Some Exempt Boards . . . For the Moment
Chapter 10: SOX: Under New Management
Chiefly Responsible: CEOs and CFOs
A Section 302 Certification Checklist
Clearing Up Common Section 302 Questions
Viewing Control as a Criminal Matter: Section 906
More Reporting Responsibilities for Management and Auditors: Section 404
Taking Internal Control Seriously
Seeking Out Subcertifications
Some Good Advice for CEOs and CFOs
Chapter 11: More Management Mandates
Codifying the Corporate Conscience
New Rules for Stock Selling and Telling
Prohibiting Personal Loans
Banning Blackout Trading
Making Managers Pay Personally
Stopping Audit Interference
Part III: Scaling Down Section 404
Chapter 12: Clearing Up Confusion about Control
The Nuts and Bolts of Section 404
When Do Companies Have to Comply with Section 404?
Section 302 “Internal Control” versus Section 404 “Internal Control”
Controlling the Cost of Compliance
Chapter 13: Surviving a Section 404 Audit
Dividing Responsibilities in a Section 404 Audit
What Is (and Is Not) Related to the Audit
Complying with Auditing Standard No. 5
Flunking a Section 404 Audit
Chapter 14: Taking the Terror Out of Testing
The Price of the Project
Hail to the Documenters
Caveats about Controls
Ogling the Outside Vendors: SAS 70 Reports
Evaluating Control with the COSO Framework
A Bit about COBIT
Part IV: SOX for Techies
Chapter 15: Getting Technical with SOX
Some Specific SOX Sections That Talk to Techies
Getting a SOX-ified System in Place When . . .
Evaluating Your Systems after SOX
Preventing Control Problems before They Happen
Falling Back on COBIT
Chapter 16: Surveying SOX Software
Some SOX Software Trends
Identifying the Types of Software on the Market
Shopping for SOX Software
SOX Meets Cousin IT
The COSO Standards for Software
Complying with COBIT
Chapter 17: Working with Some Actual SOX Software
Doing Your Research before a Software Installation
Getting to Know SarbOxPro
Opting for Other Types of Software Solutions
Part V: To SOX-finity and Beyond
Chapter 18: Lawsuits under SOX
The Smoking Gun: Knowledge
The First Big SOX Trial: Richard Scrushy
Another Test of the “Ignorance” Defense: Kenneth Lay
Timing Is Everything: Andersen, Ernst, and KPMG Litigation Outcomes
The Gemstar Case: Interpreting Section 1103
Suing under SOX Section 304
Suing under Section 806: The Whistle-Blower Provision
Chapter 19: The Surprising Scope of SOX
Outsourcing under SOX
Extending SOX Principles to Not-for-Profits
SOX and Foreign Companies
Part VI: The Part of Tens
Chapter 20: Ten Ways to Avoid Getting Sued or Criminally Prosecuted Under SOX
Maintain an Active and Visible Audit Committee
Communicate about How to Communicate
Combat Policy Paranoia and Section 404 Audit-Chondria
Keep Bonuses within Bounds
Separate the Whistle-Blowers from the Whiners
Invest in IT Tools and Tricks
Do Something with All That Data
Disclose Triggering Events on Time
Document What’s Delegated
Focus on Product and Service Delivery
Chapter 21: Ten Tips for an Effective Audit Committee
Pick the Right Number of Members
Set Up Subcommittees
Find a Financial Expert
Create Questionnaires
Adopt a Smart Charter
Keep Track of Complaints
Communicate Liberally
Report Annually
Identify Conflicts . . . and Nonconflicts
Give Notice When Needed
Chapter 22: Ten Smart Management Moves
Form a Disclosure Committee
Set Reporting Schedules
Have More Meetings and Send Less E-mail
Challenge Outdated and Overly Detailed Policies
Review Reports with Their Preparers
Keep Up with Current Certification Requirements
Avoid Animosity with the Audit Committee
Don’t Confuse Certification with Control
Consider Getting Subcertifications
Track All the Timelines
Chapter 23: Ten Things You Can’t Ask an Auditor to Do After SOX
Keep Your Books
Fix Your Financial Information Systems
Appraise Company Property
Act as an Actuary
Perform Internal Audit Services for Your Company
Fill In for Your Management Team
Be a Headhunter
Advise You on Investments
Dispense Legal Advice
Give You an Expert Opinion
Chapter 24: Top Ten Places to Get Smart about SOX
Sample SOX-online
Peruse the PCAOB Web Site
Visit the SEC Web Site
Get Inside Sarbanes-Oxley Trenches
Link to the AICPA Web Site
Frequent the Forum
Click On the COSO Web Site
Find the FEI Web Site
Spring for a Subscription to Compliance Week
Don’t Forget Wikipedia!
Part VII: Appendixes
Appendix A: Selected Sections, Auditing Standard No. 5
Appendix B: Sample Certifications
Sample General Section 302 Certification
Sample Section 906 Certification
Sample Subcertification of Employee
Appendix C: Sample Audit Committee Charter
Audit Committee Charter
Appendix D: Sample Code of Ethics
Business Conduct and Ethics Policy
Appendix E: Sample SAS 70 Report
Further Reading
Welcome to Sarbanes-Oxley For Dummies, 2nd Edition. Whether you’re a CEO or CFO, governance officer, CPA, manager, entrepreneur, file clerk, or cleric, this book is for you. It’s designed to tell you where you fit into the grand scheme of corporate compliance and why you’re being asked to do what you do by your board of directors, banker, customers, and clients.
Having the big picture straight in your mind helps ensure that you won’t lose track of the minutiae and details that accompany the sweeping piece of legislation that is Sarbanes-Oxley, whether you’re gearing up for initial compliance or attempting to streamline in subsequent years. If you’re part of a private company or not-for-profit, I offer special congratulations to you. After all, you’re savvy enough to know that Sarbanes-Oxley is here to stay and that it’s becoming the gold standard for fair, ethical, and efficient business practices (whether you’re obligated to comply or not).
The Sarbanes-Oxley Act, or SOX as it’s affectionately called in the world of corporate governance, is a responsive piece of legislation. Like the securities laws passed in the 1930s, SOX was passed in response to a real crisis and to genuine public outrage. It sailed through Congress on a wave of bipartisan support surprisingly free of lobbying and loophole legislating. Instead, Congress left the details to the Securities and Exchange Commission (SEC) and the newly created Public Company Accounting Oversight Board (PCAOB). This book walks you through SOX’s rather piecemeal rules and pronouncements and gives you a sense of how to anticipate future trends and traps in this area of the law.
The goal of Sarbanes-Oxley For Dummies, 2nd Edition, is to give you a helicopter view of the regulatory terrain while helping you focus a beam on the key details of the legislation. This book is intended to give you a sophisticated understanding of the purpose and structure of the legislation as it affects many disciplines and areas of the law. This book is sure to empower you with the level of insight you need for practical, cost-effective decision-making. It will assist you with the following:
Understanding why SOX was passed: Looking at the kind of conduct SOX was intended to combat can help you create meaningful standards for the company with which you work or are affiliated.
Instituting cost-effective compliance with SOX: This book’s practical view of the legislation can keep you from becoming bogged down in regulatory details and allowing lawyers and accountants to go off on expensive tangents that have little to do with the essence of SOX.
Finding answers on specific SOX issues: This book explains how and where to find SEC rules and pronouncements that are critical to implementation of SOX and translates those rules into plain English.
Avoiding lawsuits and regulatory actions: This book, although not intended to be a substitute for a good securities lawyer or a CPA, takes a hard look at who gets sued under SOX and how you can avoid having your company or yourself added to the list of litigants.
Anticipating future rules and trends: SEC rules and PCAOB pronouncements under SOX continue to be issued with regularity. But with a comprehensive understanding of what the law is designed to do, you’ll be less surprised by what’s ultimately issued.
It’s unfortunate, but understanding SOX means that you’re going to run into lots of legal jargon and accounting minutiae. To give you a jump start, I define some legal and accounting terms in this book and use italic font to make such terms stand out a bit. I also use boldfaced words to highlight key words in bulleted lists and numbered steps. Monofont indicates Web addresses, which I refer to often.
When this book was printed, some Web addresses may have needed to break across two lines of text. If that happened, rest assured that we haven’t put in any extra characters (such as hyphens) to indicate the break. So, when using one of these Web addresses, just type in exactly what you see in this book, pretending as if the line break doesn’t exist.
I occasionally wander off-topic to discuss something historical, technical, or interesting (or, at least, interesting to me!). In these instances, I set the discussions apart by placing them in sidebars, which are the gray boxes you’ll see from time to time throughout the book. Because the text in sidebars is nonessential, feel free to skip it if it doesn’t interest you.
When writing this book, I had to make a few assumptions about who my readers would be and what kind of information they’d be looking for. This section explains those assumptions. For example, I assume you want to understand the Sarbanes-Oxley Act in a way you can’t achieve by suffering through the 80-some pages of the statute and 1,000 or so pages of related congressional hearings. You want to make sure you have a handle on the important aspects of the legislation, how it affects you and your company, and how companies can comply most cost-effectively.
Additionally, if you’re a service provider such as a lawyer or CPA, I assume that you’re looking for insight into the following tasks — insights you would glean from the legal and accounting professionals involved in writing this book (whose credentials and accomplishments are listed on the acknowledgments page):
Recognizing and creating a legally effective, fully compliant corporate governance framework
Determining what aspects of SOX apply to your company or should be voluntarily adopted by your company (whether it’s publicly traded, privately held, or not-for-profit)
Managing and streamlining Section 404 compliance as well as seizing opportunities and benefiting from information resulting from the unprecedented testing and documentation of business processes all across the United States
Interpreting media accounts, court cases, and economic projections involving SOX
Sarbanes-Oxley is an extremely broad piece of legislation, spanning legal, accounting, and information technology disciplines, so this book is chock-full of information. But not to worry: The index and table of contents will help you find your way. The chapters in this book treat each topic independently without assuming you’ve read previous chapters (as a textbook might), so you can use them as references and jump around to find what you need. This book is divided into six parts, which I explain in the following sections.
This part of the book starts at the beginning, explaining why SOX was passed and taking you on a tabloid tour of the corporate scandals that inspired it — Enron, WorldCom, Adelphia, Global Crossing, and more. These chapters shock you with tales of greed and manipulation and walk you section-by-section through the legislation, explaining what each provision is intended to accomplish.
The chapters in this part spell out who’s affected by which provisions. You find out why the accounting profession is no longer self-regulating, and you’re introduced to the new audit ambience that SOX provides. You also get a good look at what SOX means for management, including what’s expected of boards and the committees formed under their direction.
SOX Section 404 is a big enough deal to warrant its own part in this book. These chapters take you by the hand and guide you through the dreaded Section 404 audit process. They tell you how to manage a Section 404 project and when and how to cut compliance costs without cutting corners.
This part is all about software. It explains how software can help you comply with SOX and what to look for when investing in information technology to carry out SOX objectives. These chapters show you some of the more cost-effective products on the market and suggest particularly useful systems for small to mid-size companies.
This part looks at the future of SOX and corporate governance. These chapters take you into the courtroom to see who’s getting sued under SOX and what the outcomes are. This part also looks at what SOX means for outsourced services and service providers and explains when special SAS 70 reports are required (as well as when they aren’t).
The chapters in this part provide the skinny on important subjects, including what every audit committee absolutely needs to undertake, how to avoid getting sued under SOX, and even how to save money with SOX. In essence, this part of the book is about taking control and proceeding confidently under SOX.
The appendixes in the book contain useful reference materials and forms you can actually put to use in your company.
For Dummies books use little pictures, called icons, to flag parts of the text that stand out from the rest for one reason or another. Here’s what the icons in this book mean:
Time is money. When you see this icon, your attention’s being directed to a compliance shortcut or timesaving tip.
This icon signals the type of advice you may get in a lawyer’s office if your company were paying the exorbitant going rates. Of course, the information highlighted by this icon is no substitute for sound legal advice from your own company attorney, who actually knows the facts of your individual situation.
This icon indicates that you’re getting the kind of tip your audit or CPA firm might dispense. Of course, you should actually consult a real accounting professional before acting on anything that follows this icon.
This is a heads-up warning to help you avoid compliance mistakes, legal traps, and audit imbroglios.
This icon flags particularly noteworthy information — stuff you shouldn’t forget.
Because I wrote each chapter of this book as a stand-alone treatment of the topic covered, you can start with Chapter 1 and read the whole book, or you can skip around and brush up only on the topics that interest you at the moment. If you’re new to SOX, I recommend you start with Part I. If you’re hip to securities law in general and SOX in particular, skip ahead to the parts in the book that address your particular needs or concerns.
I’m always interested in your comments, suggestions, or questions, so I’d love to hear from you. Send me an e-mail message at [email protected] or visit my Web site at www.abtechlaw.com. On that site, you’ll find contact information for all the great legal and accounting professionals who helped with this book (I’ve included their credentials and accomplishments on the acknowledgments page).
In this part . . .
The Sarbanes-Oxley Act, or SOX, didn’t pop up out of nowhere. Rather, its passage is rooted in some steamy corporate scandals. This part examines how Congress responded to events surrounding Enron, Tyco, WorldCom, Global, TelLink, and Adelphia in a bipartisan whirlwind. This part also looks at how this far-reaching legislation affects existing securities legislation, what it says, what it certainly doesn’t say, and how it has spawned some mighty media myths.
Riding the wave of political support for SOX
Discovering the various roles of those affected by SOX
Looking at the opposition to SOX
Surveying SOX’s impact
Debunking some common media myths about SOX
In response to a loss of confidence among American investors that was reminiscent of the Great Depression, President George W. Bush signed the Sarbanes-Oxley Act into law on July 30, 2002. SOX, as the law was quickly dubbed, is intended to ensure the reliability of publicly reported financial information and bolster confidence in U.S. capital markets. SOX contains expansive duties and penalties for corporate boards, executives, directors, auditors, attorneys, and securities analysts.
Although most of SOX’s provisions are mandatory only for public companies that file a Form 10-K with the Securities and Exchange Commission (SEC), many private and nonprofit companies are facing market pressures to conform to the SOX standards as they become the norm. Privately held companies that fail to reasonably adopt SOX-type governance and internal control structures are facing increased difficulty in raising capital. They’re also facing higher insurance premiums and a loss of status among potential customers, investors, and donors. They’ve even been threatened with greater civil liability. In the nonprofit world, the lack of SOX internal controls may be viewed as a violation by the directors of the business judgment rule.
July 30, 2007, marked the fifth anniversary of SOX, the law deemed to be the most significant piece of corporate legislation. Now look at the last few years. What was SOX supposed to accomplish? What did it actually accomplish? Who are the winners and losers in the SOX saga? In this chapter, I take a look at the political impetus for SOX and summarize some key provisions of the SOX statute in plain English. I also dispel a few common SOX myths.
SOX passed through both houses of Congress on a wave of bipartisan political support not unlike that which accompanied the passage of the U.S. Patriot Act after the terrorist attacks of 2001. Public shock greased the wheels of the political process. Congress needed to respond decisively to the Enron media fallout, a lagging stock market, and looming reelections (see Chapter 2 for details). SOX passed in the Senate 99–0 and cleared the House with only three dissenting votes.
Because political support for SOX was overwhelming, the legislation wasn’t thoroughly debated. Thus, many SOX provisions weren’t painstakingly vetted and have since been questioned, delayed, or slated for modification.
For the past 70 years, U.S. securities laws have required regular reporting of results of a company’s financial status and operations. SOX now focuses on the accuracy of what’s reported and the reliability of the information-gathering processes. Because of SOX, companies must implement internal controls and processes that ensure the accuracy of reported results.
Prior to SOX, the Securities Act of 1933 was the dominant regulatory mechanism, and it remains in force today. The 1933 Act requires that investors receive relevant financial information on securities being offered for public sale, and it prohibits deceit, misrepresentations, and other fraud in the sale of securities.
The SEC enforces the 1933 Act requiring corporations to register stock and securities that they offer to the public. The registration forms contain financial statements and other disclosures to enable investors to make informed judgments when purchasing securities. (For more about the securities registration process, flip to Chapter 3.) The SEC requires that the information companies provide be accurate and certified by independent accountants.
SEC registration statements and prospectuses become public shortly after they’re filed with the SEC. Statements filed by U.S. domestic companies are available on the EDGAR database accessible at www.sec.gov.
SOX provides that publicly traded corporations of all sizes must meet its requirements. However, not all securities offerings must be registered with the SEC. Some exemptions from the registration requirement include:
Private offerings to a limited number of persons or institutions
Offerings of limited size
Intrastate offerings
Securities of municipal, state, and federal governments
The SEC exempts these offerings to help smaller companies acquire capital more easily by lowering the cost of offering securities to the public. In contrast, SOX applies to publicly traded corporations of all sizes, although some of its specific requirements are scaled to the size of the corporation.
Only three Congressmen opposed the 2002 passage of SOX: GOP Representatives Ron Paul of Texas, Jeff Flake of Arizona, and Mac Collins of Georgia. Congressman Flake observed:
Obviously there are businesses that were acting in a fraudulent manner. We still have that today, and there are laws on the books that thankfully are being used more aggressively today to get at these businesses. But when we react so quickly, sometimes without the best knowledge of how to do this, without some of these investigations taking their course, without these enforcement agencies giving us full recommendations, then we have unintended consequences.
Five years after the passage of SOX, many businesses and politicians are echoing the sentiments of Congressman Flake. The greatest criticism has been the financial burden imposed on small companies. The SEC received so many complaints about the disproportionately high costs of compliance for smaller public companies that it convened an Advisory Committee on Smaller Public Companies to investigate.
In response, the SEC has voted repeatedly to extend the Section 404 compliance deadline for smaller public companies, called non-accelerated filers. (Section 404 is discussed in Chapter 12.) The SEC has continued to extend the deadline primarily because it has acknowledged that the costs of compliance for smaller companies greatly exceeded estimates.
The SEC first extended the deadline for small-cap companies by one year, voting in March 2005 to push the compliance date to July 2006. When this extension failed to stop the grumbling about costs and confusion regarding compliance, the SEC decided in September 2005 that small companies (defined as those with less than $75 million of stock in the hands of public investors) wouldn’t be required to comply with the Section 404 requirements until their first fiscal year ending on or after July 15, 2007. Two more extensions followed.
In December 2006, most publicly traded companies got a very special Christmas gift: an extension of at least one more year for compliance with the financial reporting requirements set by SOX. Under this extension, smaller public companies don't have to provide a dreaded auditor's report until the financial reports are due for fiscal years ending December 17, 2007, or later. Because those reports aren't due until some months after the close of the fiscal year, the companies affected are generally looking at 2008 compliance deadlines.
The SEC reports say that 7,402 smaller public companies make up 78.5 percent of the total number of public companies nationwide. This means that the majority of companies to which SOX applies have yet to ante up.
As this book is being written, the SEC is talking about granting yet another extension, because the agency isn’t sure it has enough guidelines and rules in place to help companies comply. SEC officials have publicly stated that they’re considering extending the deadlines again.
In addition to the burden on small business, SOX is criticized for the sheer confusion it has created. SOX requires accounting firms and companies to simultaneously monitor several evolving sets of interpretive standards from the SEC and the PCAOB. Early attempts to implement SOX have been accompanied by more resignations within regulatory agencies than shake-ups in corporate boardrooms. The PCAOB is on its third chairman in as many years, as discussed in Chapter 7, and turnover at the SEC has been equally eventful since SOX.
Regulatory confusion isn’t the only culprit; many companies have contributed to their own SOX woes by simply failing to plan properly. The start-up costs of any initiative are always highest in the beginning; however, many companies simply panicked, hiring teams of expensive consultants and launching overlapping and ill-conceived projects to document their controls under SOX. This initial “spare-no-expense” approach may have helped some companies meet a deadline, but it also established the framework for new internal bureaucracy.
A final, broader criticism leveled against SOX is its effect on the competitiveness of U.S. businesses. Many argue that SOX is a major distraction from the core activities of businesses, making them less viable in a global marketplace. In other words, management must spend more time jumping through regulatory hoops and less time innovating. Others argue that SOX also makes it more difficult and costly for technologically innovative companies to raise capital by selling their stock on U.S. exchanges because of the increased regulatory burden. (See Chapter 3 for an explanation of securities registration requirements and stock exchanges.)
SOX gives public companies specific directives as to how financial information offered to the public must be compiled. However, it stops short of giving investors a right to sue companies privately for failing to meet these standards. Rather, with the exception of SOX Section 306 (dealing with stock trading during pension fund blackout periods), investors must wait for the SEC and Justice Department to bring actions against companies for SOX violations. In other words, investors can’t hire their own lawyers to initiate action on their behalf.
Although there’s no “private right” to sue directly under SOX, shareholders and litigants are in a much stronger position after SOX than under the old federal and state statutes. For instance, companies are facing increased exposure when they’re defending lawsuits brought by shareholders under other securities laws. Many of these lawsuits involve evidence that’s uncovered during the course of complying with SOX.
Prior to SOX, federal and state laws didn't establish specific standards for how corporations compiled the information they fed to the public in their financial reports. If investors were damaged or defrauded, the investors themselves had to persuade judges that the information they had received wasn't truthful or accurate, without reference to any specific standards. In fact, aggrieved investors had only an amorphous body of analogous facts from prior court cases with which to convince courts that their specific situation deserved relief. Now plaintiffs may strengthen their claims and arguments by referencing the standards set forth in SOX.
SOX defines specific duties for employees and board members and dictates the structure of boards of directors. It even tells corporations how they have to conduct their day-to-day operations to prevent theft and misappropriation, which requires them to maintain adequate internal controls. (I talk more about internal controls in Chapter 12.) SOX also elbows out state governments in their traditional roles of governing corporations, making corporate law in the United States much more federalized.
In late 2006 and early 2007, after a great deal of haggling, both the SEC and the Public Company Accounting Oversight Board, or PCAOB, issued new rules for companies and auditors regarding reporting and auditing on internal control over financial reporting under Section 404. These new rules were a reaction to the financial burden that implementing SOX Section 404 placed on most of the nation's companies.
For example, the SEC issued special safe harbor rules to provide companies clearer guidance so they don’t incur unnecessary costs by guessing under SOX. And the PCAOB has decided to replace its much-dreaded and criticized Auditing Standard No. 2, which detailed what audit firms had to do to comply with SOX, with a new standard, Auditing Standard No. 5 (see Appendix A for more on these standards). The PCAOB is collecting public comments on its proposed standard as this book is being written. In February 2007, the agency will start reviewing the comments and drafting the new standard.
SOX is a multidisciplinary piece of legislation that regulates several professions simultaneously. Board members, auditors, attorneys, management, small business owners, and even rank-and-file employees all have their own statutorily scripted roles to play. The following sections explain everyone’s role, and the effects that those roles have.
One of the most significant reforms introduced by SOX is the requirement that corporations create audit committees made solely of independent directors. Board members are considered independent as long as they receive no salary or fees from the company other than for services as directors.
The audit committee is responsible for obtaining information from management that’s relevant to the audit and otherwise assisting in the audit process. This committee is viewed as an important part of a company’s internal control because it provides a company presence that’s entirely independent from management and interfaces with the independent auditors (from an outside firm). For more coverage of the audit committee’s responsibilities, check out Chapter 8.
Ironically, one firm that would have been able to comply with SOX’s director independence requirements before the law was passed was Enron. Eighty-six percent of Enron’s board was independent. A former dean of the Stanford Business School and professor of accounting chaired its audit committee. Yet when the scandal broke, the professor claimed he didn’t understand the audit documentation.
SOX presumes that boards made of independent directors will look out for shareholders’ interests and ask auditors to more carefully review management policies and decisions that can affect profitability. However, in the end, an independent audit committee isn’t a panacea and doesn’t guarantee objectivity in the audit process. The committee, the board, and the auditors all must rely on the accuracy of the information they get from management and regarding management to recognize, anticipate, and prevent problems.
SOX regulates the membership composition of boards but doesn’t specifically regulate their behavior.
In the wake of Sarbanes-Oxley, many corporations have reported that they can’t find a sufficient number of internal auditors. Prior to SOX, Arthur Andersen was not only the world’s largest public accounting firm, but it was also the largest training ground for auditors of publicly traded companies.
Auditors are the traditional arbiters of accurate information within a company. They’re the accountants responsible for testing the accounting data gathered from management and from rank-and-file employees. Auditors may be either internal employees of a company or independent auditors working for an outside firm.
Both internal and independent auditors measure a company's financial statements against Generally Accepted Accounting Principles (GAAP). GAAP refers to the accounting rules established by the Financial Accounting Standards Board and the American Institute of Certified Public Accountants and recognized by the SEC, which is the standard-setting authority for publicly traded U.S. companies and the exchanges that list their stock. Separate professional standards govern auditors' independence, objectivity, and professionalism. An independent auditor must opine that a company's financial statements are fairly presented in accordance with GAAP and contain no material misstatements that would adversely affect reported results.
Traditionally, auditors have been viewed as pretty trustworthy people. The Enron scandal that led to the demise of the nation’s largest independent auditing firm, Arthur Andersen, changed all that. Congress and the public were shocked that one of the world’s largest corporations (Enron) could collapse within five months of receiving a clean opinion from its auditors at Arthur Andersen. (I talk more about the Enron and Arthur Andersen stories in Chapters 2 and 6.)
At the Enron trials, senior managers testified that the auditors never brought material issues to the managers' attention. The managers claimed that although they had ultimate responsibility for what was included in the financial statements filed with the SEC, they couldn't know what the auditors didn't tell them. It also came to light that the so-called independent auditors weren't so independent. In addition to providing audit services, they provided a myriad of highly lucrative consulting, tax, and other support services to Enron, which meant that the audit firm had tremendous financial incentives to stay on good terms with Enron instead of being vocal about the company's accounting flaws.
Enron wasn’t the only scandal that tainted the audit industry. During the Savings and Loan (S&L) crisis of the 1980s, auditors failed to take into account the industry’s shift from home loans to riskier real estate ventures and junk bonds. As a result, many S&Ls went bankrupt just months or even weeks after getting clean opinions from their auditors.
To resolve problems associated with self-regulation (which had previously been the norm for the accounting profession), SOX creates the Public Company Accounting Oversight Board (PCAOB), a regulatory oversight board. This board is charged with the enormous responsibilities of setting ethics and conflict of interest standards as well as disciplining accountants and conducting annual reviews of large accounting firms. (For more on the PCAOB, turn to Chapter 7.)
Besides losing the right to regulate itself, the accounting profession can no longer market and compete for business in the same way either. SOX makes it unlawful for a registered audit firm to provide many types of nonaudit services to its clients that were formerly its bread-and-butter. For example, an audit firm can't provide bookkeeping, financial information systems design, appraisal, valuation, actuarial, or investment services to clients that it audits. (However, audit firms can make up some, if not all, of this lost income by performing internal control audits under Section 404 of SOX; see Chapter 12.)
According to a survey by the law firm Foley & Lardner, accounting, audit, and legal fees doubled under Sarbanes-Oxley. The costs of directors’ liability insurance skyrocketed in the first year after the Act was passed. These costs have since leveled off, but experts agree that they will never drop to pre-SOX levels.
Incident to its authority to make rules under SOX, the SEC has proposed a controversial noisy withdrawal rule for attorneys. The rule would require a lawyer who learns of a corporate client’s wrongdoing to alert SEC regulators to the nature of any ongoing fraud before withdrawing from representation. Attorneys who are unable to persuade a corporate client to mend its ways would be required to notify the SEC that they’re withdrawing from representation. Not surprisingly, opponents have argued that the rule violates traditional concepts of attorney-client privilege. However, the American Bar Association has taken the position that noisy withdrawal doesn’t violate the privilege.
SOX forces corporate chief executive officers (CEOs) and chief financial officers (CFOs) to take responsibility and possibly face criminal penalties for earnings misstatements. They’re required to certify in writing that the information appearing in the company’s report is a fair and accurate representation of the company’s financial status and activity.
Not only do criminal penalties apply if officers and directors misstate financial information, but these individuals also can be required to give back their bonuses to compensate the company for the costs of redoing the financial statements. (For more on the consequences that officers and directors face for misstatements, check out Chapter 2.) Under SOX, top management is expected to certify that it runs a clean ship — no excuses.
Although SOX was passed to deal with mega-scandals like Enron and WorldCom, it’s becoming a catastrophe for American small business. As of this writing, although the wording of the SOX statute technically applies only to publicly traded corporations, it’s the benchmark against which every privately held company’s financial and corporate governance practices are measured.
For instance, banks and insurance companies report that they routinely ask small, privately held companies about their internal controls and audit procedures. Failure to answer convincingly can result in more costly credit or higher insurance premiums.
Nonprofits, which can’t afford a hint of scandal that may ruin their credibility with donors, are rushing to adopt governance and conflict-of-interest policies in line with SOX. (See Chapter 19 for more on how SOX affects the nonprofit sector.)
Start-ups and new ventures are also facing increased hurdles as they attempt to “go public” by becoming eligible to list their stock on exchanges.
SOX imposes new burdens on rank-and-file employees, often requiring them to adhere more carefully to company procedures or to complete additional documentation to carry out new internal control measures. However, SOX empowers blue-collar and other nonmanagerial employees in other ways:
Section 301(4) requires the audit committees of publicly traded companies to establish procedures for receiving, retaining, and handling complaints about accounting, internal control, or auditing matters, including confidential, anonymous submissions by employees.
Section 806 specifically protects whistle-blowers who report securities law violations or fraud against shareholders from suffering retaliation by the company.
Nearly every public company has designated specific management or legal personnel who are responsible for overseeing the corporate governance policies that help them stay in line with SOX. A 2005 survey posted on Salary.com reported compensation for many top global ethics and compliance executives to be approaching $750,000.
The SOX statute is more or less an outline, with full details coming in the form of SEC rules for implementation as well as pronouncements from the newly created PCAOB. Most of SOX’s provisions currently apply to public companies that file Form 10-K with the SEC; however, more and more companies are opting for voluntary compliance to insulate themselves from future litigation risks and unforeseen management liabilities.
This section gives you a broad view of what the new law contains and what it requires of today’s companies in the United States.
SOX establishes a five-member Public Company Accounting Oversight Board (PCAOB) that tells auditors what they’re supposed to be evaluating and sets rules about the relationships and ties auditors can have with the companies they audit.
The SEC oversees the PCAOB, which is funded through fees collected from issuers. The PCAOB (affectionately nicknamed “Peek-a-boo” by many auditors, attorneys, and other professionals) has the following responsibilities:
To oversee the audit of public companies: The accounting profession used to regulate itself through a voluntary organization known as the American Institute of Certified Public Accountants (AICPA), but Enron proved that the old system didn't work very well.
To establish audit report standards and rules: Auditors wait avidly for the issue of these standards and rules to clear up confusion and aid them in performing their day-to-day duties after SOX.
To register audit firms: The PCAOB is in charge of registering, inspecting, investigating, and enforcing compliance of public accounting firms as well as CPAs and other people in the profession. Any public accounting firm that participates in any audit for a company covered by SOX is required to register with the PCAOB.
Title I of SOX also empowers the PCAOB to impose disciplinary or remedial sanctions on audit firms. Title I of SOX provides for change in several major areas:
Work paper retention: Title I contains some new administrative requirements for auditors, including a rule that audit firms retain all their work papers for seven years.
Two-partner requirement: Two partners now have to sign off on every audit.
Evaluation of internal control: Auditors must evaluate whether the companies they audit have internal control structures and procedures that ensure that their financial records accurately reflect transactions and disposition of assets. Auditors must also assess whether the companies appropriately authorize receipts and expenditures and verify that transactions are made only with authorization of senior management. If companies don’t have adequate internal controls in place, the auditors must describe any material weaknesses in the internal control structures and document instances of material noncompliance.
Inspections of audit firms: Auditors must submit to continuing inspections by the PCAOB. Firms that provide audit reports for more than 100 public companies get inspected once a year. Firms that audit 100 or fewer companies get inspected at least every three years.
Title II of SOX focuses on conflicts of interest arising from close relationships between audit firms and the companies they audit; namely, it prohibits auditors from performing certain nonaudit services for clients they audit. However, SOX allows audit committees (internal committees charged with overseeing the audit process within publicly traded companies) to preapprove some nonaudit services that aren't expressly forbidden by Title II of SOX (see Chapter 8 for more on audit committees and nonaudit services). Title II also requires auditors to report to the audit committee on the critical accounting policies used in the audit, on alternative accounting treatments discussed with management, and on other material written communications with management.
To further protect against conflicts of interest, audit partners must be rotated to prevent individuals from getting too close to the companies they audit. Specifically, a partner can't serve as the lead or concurring reviewing auditor for more than five consecutive years. In addition, an audit firm can't audit a company if one of the company's senior financial executives (CEO, CFO, controller, or equivalent) was employed by that audit firm and worked on the company's audit during the one-year period preceding the start of the audit.
Title III of SOX focuses on the company’s responsibility to ensure that the financial statements it distributes to the public are correct. Its two main provisions include:
Establishment of audit committees: SOX requires each company subject to SOX to form a special audit committee. Each member of the audit committee must be a member of the board of directors but otherwise independent in the sense that he or she receives no other salary or fees from the company. (See Chapter 8 for more on these committees.)
Management certification: Title III requires CEOs and CFOs to certify:
• That periodic financial reports filed with the SEC don’t contain untrue statements or material omissions
• That financial statements fairly present, in all material respects, the financial conditions and results of operations
• That the company's CEO and CFO are responsible for internal controls, and that the internal controls are designed to ensure that management receives material information regarding the company and any consolidated subsidiaries
• That internal controls have been reviewed within 90 days prior to the report
• Whether any significant changes have been made to the internal controls
Title III also makes it unlawful for corporate personnel to exert improper influence on an audit for the purpose of rendering financial statements materially misleading. For example, Title III does the following:
It requires a company's CEO and CFO to forfeit certain bonuses and compensation received if the company has to issue corrected financial statements (called restatements) because of material noncompliance with financial reporting requirements resulting from misconduct.
It bans directors and executive officers from trading their public company’s stock during pension fund blackout periods.
It obligates attorneys appearing before the SEC to report violations of securities laws and breaches of fiduciary duty by a public company.
For the benefit of victims of securities violations, it creates a special disgorgement fund that’s funded by the fines companies have to pay to the SEC.
Title IV contains several key SOX provisions, including the following:
Disclosure of adjustments and off–balance sheet transactions: Financial reports filed with the SEC must reflect all material corrections to the financial statements made in the course of an audit. This title also requires disclosure of all material off–balance sheet transactions and relationships that may have a material effect on the financial status of an issuer.
Prohibition of personal loans extended by a corporation to its executives: SOX bans such loans outright, with narrow exceptions (for example, consumer loans made by a bank in the ordinary course of its business, which are already subject to the insider lending restrictions of the Federal Reserve Act).
Disclosure of changes to inside stock ownership: Senior management, directors, and principal stockholders have to disclose changes in their ownership of corporate stock within two business days of making the transaction.
Internal control certification: The now-famous Section 404 provides that annual reports filed with the SEC must include an internal control report stating that management is responsible for establishing and maintaining the internal control structure and procedures for financial reporting. The report must also contain management's assessment of the effectiveness of those internal controls as of the end of the most recent fiscal year.
Code of ethics: Companies subject to SOX must disclose whether they have adopted a code of ethics for their senior financial officers and whether their audit committees have at least one member who’s a financial expert. (For more on the financial expert requirement, flip to Chapter 8.)
Regular SEC review: Title IV requires regular SEC reviews of the disclosure documents that companies file each year with the SEC.
SOX Title V is aimed at preventing several types of conflicts of interest. Among other things, it does the following:
Restricts the ability of investment bankers to preapprove research reports
Ensures that research analysts aren’t supervised by persons involved in investment banking activities
Prohibits employer retaliation against analysts who write negative reports
Requires specific conflict of interest disclosures by research analysts who make information available to the public
Title VI authorizes the SEC to spend at least $98 million to hire at least 200 qualified professionals to oversee auditors and audit firms. It also gives the SEC the authority to
Censure persons appearing or practicing before it for unethical or improper professional conduct.
Consider orders of state securities commissions when deciding whether to limit the activities, functions, or operations of brokers or dealers.
Title VI also directs federal courts to prohibit persons from participating in small (penny) stock offerings if the SEC initiates proceedings against them.
Title VII of SOX funds and authorizes a number of reports and studies that do the following:
Look at factors leading to the consolidation of public accounting firms and its impact on capital formation and securities markets
Address the role of credit-rating agencies in the securities markets
Examine whether investment banks and financial advisors assisted public companies in earnings manipulation and obfuscation of financial conditions
Here are the main points of SOX’s Title VIII:
It imposes criminal penalties (maximum 20 years in prison) for knowingly destroying, altering, concealing, or falsifying records with intent to obstruct or influence a federal investigation or bankruptcy matter.
It imposes sanctions on auditors who fail to maintain for a five-year period all audit or review work papers pertaining to securities issuers.
It makes certain debts incurred in violation of securities fraud laws nondischargeable in bankruptcy.
It extends the statute of limitations for private individuals to sue for securities fraud violations. Individuals can sue no later than two years after the violation is discovered or five years after the date of the violation.
It provides whistle-blower protection by prohibiting a publicly traded company from retaliating against an employee who assists in a fraud investigation; under a companion criminal provision added by SOX, anyone who retaliates against a person for providing truthful information to law enforcement is subject to fines or imprisonment of up to 10 years. (For more on the whistle-blower provision, check out Chapter 18.)
Title IX increases penalties for mail and wire fraud from 5 to 20 years in prison and penalties for violations of the Employee Retirement Income Security Act of 1974 to up to $500,000 and 10 years in prison.
In particular, Title IX establishes criminal liability for corporate officers who certify financial reports that don't comply with SOX: a maximum of 10 years' imprisonment for certifying a periodic report while knowing that it doesn't comply, and 20 years for willfully certifying a statement known to be noncompliant.
Title X of SOX expresses that a corporation’s federal income tax return “should” be signed by its chief executive officer.
Title XI adds to the criminal penalties aimed at fraud that are established by SOX’s other sections. Here are some of the main parts of this title:
This section amends federal criminal law to establish a maximum 20-year prison term for tampering with a record or otherwise impeding an official proceeding.
It authorizes the SEC to seek a temporary injunction to freeze “extraordinary payments” to corporate management or employees under investigation for possible violations of securities law. Currently, there’s no specific definition as to what constitutes an “extraordinary payment.” However, Chapter 18 discusses some interesting litigation in this area (particularly the Gemstar case).
It prohibits persons who violate state or federal laws governing manipulative, deceptive devices and fraudulent interstate transactions from serving as officers or directors of publicly traded corporations.
Title XI increases penalties for violations of the Securities Exchange Act of 1934 to up to $25 million and up to 20 years in prison.
Although SOX costs corporations billions of dollars and diverts massive resources from production and profit-generating activities, it’s not all bad. In fact, there are things it doesn’t require; this section puts to rest five common SOX myths.
This myth is anything but true. SOX was passed as a response to the Enron and WorldCom scandals. Because SOX was created in response to these events, it came too late to try the people whose names became synonymous with these scandals.
Despite the fact that most corporate executives are still tried on the basis of statutes other than Sarbanes-Oxley, SOX has shown itself to be an effective tool for convicting corporate executives who steal shareholders’ money. There have been more than 600 corporate crime convictions and more than $250 million in restitution ordered by courts under SOX.
SOX doesn't segregate to absurd extremes the services that accountants can provide to companies. In passing SOX, Congress recognized that in many cases it's practical and cost-efficient for audit firms to prepare tax returns. So even though SOX precludes auditors from providing certain services to their clients to prevent Enron-type conflicts of interest, the legislation doesn't ban tax preparation services outright. Rather, the company's audit committee is charged with the responsibility of approving who provides tax services. However, some caveats must be considered in each case; for example, SOX's ban on financial information systems design and implementation may sound a death knell for audit firms that sell tax software to their audit clients and provide consulting services to support it.
Internal control
