What is the Sarbanes-Oxley Act?
The Sarbanes-Oxley Act, also known as the Public Company Accounting Reform and Investor Protection Act of 2002 (SarbOx or SOx for short), was legislation passed in the wake of the Enron and WorldCom financial scandals to protect stockholders and the public from fraudulent accounting practices. SarbOx sets forth what accounting records should be kept and for how long.
The act is named after its two sponsors, Senator Paul Sarbanes (D-MD) and Representative Michael G. Oxley (R-OH).
Who has to comply with the provisions of the Sarbanes-Oxley Act (SarbOx)?
Every publicly traded company in the United States as well as every publicly traded foreign company doing business in the United States is subject to the provisions of SarbOx.
SarbOx also applies to private companies that are preparing to go public through an initial public offering (IPO).
What does Sarbanes-Oxley compliance require?
All applicable companies must establish a financial accounting framework that can generate financial reports that are readily verifiable with traceable source data. This source data must remain intact and cannot undergo undocumented revisions. In addition, any revisions to financial or accounting software must be fully documented as to what was changed, why, by whom, and when.
An applicable company is required to disclose material changes in its financial conditions or operations to the public immediately. These disclosures are to be made in a way that is easily understood.
It is a crime for any person to corruptly alter, destroy, mutilate, or conceal any document with the intent to impair the document’s integrity for use in an official proceeding.
How long does the Sarbanes-Oxley Act (SarbOx) require a company to retain its electronic records?
SarbOx requires that all business records, including digital records and electronic messages, be maintained for at least five years.
Who exactly is responsible for maintaining the records required by the Sarbanes-Oxley Act (SarbOx)?
A company’s CEO and CFO are directly responsible for the accuracy, documentation, and submission of all financial reports to the Securities and Exchange Commission.
Reincorporating outside the United States does not lessen the legal effect of this act.
What does Sarbanes-Oxley require in a financial report?
Section 404 of the Sarbanes-Oxley Act requires that all annual financial reports include something called an internal control report.
An internal control report is (1) a statement of management’s responsibility for establishing and maintaining adequate internal control over the company’s financial reporting; (2) management’s assessment of the effectiveness of the company’s internal control over financial reporting as of the end of the company’s most recent fiscal year; (3) a statement that identifies the framework that management uses to evaluate the effectiveness of the company’s internal control over financial reporting; and (4) a statement whether the registered public accounting firm responsible for auditing the company’s financial statements in the annual report has issued an attestation report on management’s assessment of the company’s internal control over financial reporting.
Who administers the provisions of the Sarbanes-Oxley Act (SarbOx)?
The Securities and Exchange Commission (SEC) administers the provisions of SarbOx and sets deadlines for compliance in addition to publishing rules for compliance.
In addition to the SEC’s basic implementation of SarbOx, the act also created a new quasi-public agency called the Public Company Accounting Oversight Board (PCAOB).
What is the mission of the Public Company Accounting Oversight Board (PCAOB)?
The stated mission of the PCAOB is “to oversee the auditors of public companies in order to protect the interests of investors and further public interest in the preparation of informative, fair, and independent audit reports.”
In order to carry out its mission, the Sarbanes-Oxley Act vests the PCAOB with certain powers such as setting auditing and quality control standards for the preparation of an issuer’s audit reports, conducting inspection of registered public accounting firms, and conducting disciplinary proceedings and imposing fines related to the conduct of registered accounting firms and their employees.
How does the Public Company Accounting Oversight Board (PCAOB) ensure compliance?
In addition to its investigative powers, the PCAOB has the power to compel audit firms, and any person associated with an audit firm, to testify or produce documents. If a firm or individual refuses to comply with such a request, the PCAOB has the power to suspend or debar that firm or person from the public audit industry.
If the PCAOB finds its own teeth are not big enough, it can turn to the Securities and Exchange Commission for help in obtaining subpoenas.
So who oversees the Public Company Accounting Oversight Board (PCAOB)?
The Securities and Exchange Commission (SEC) oversees the PCAOB. Any individual or audit firm subject to the PCAOB’s oversight may appeal any decision or disciplinary action to the SEC, which has the power to modify or overturn any such decision.
The Sarbanes-Oxley Act gives the SEC the power to inspect the PCAOB and to censure or remove PCAOB board members for cause.
What are the penalties for noncompliance with Sarbanes-Oxley?
Besides lawsuits and negative publicity, a corporate officer who does not comply or submits an inaccurate certification is subject to a fine up to $1 million and ten years in prison, even if done mistakenly. If a wrong certification was submitted purposely, the fine can be up to $5 million and twenty years in prison.