What is MFA?
Multi-factor authentication (MFA) is a security method that requires users to prove their identity using two or more distinct factors before accessing …
When a string of public company accounting scandals took place in the early 2000s, with Enron, WorldCom, and Cendant facing ruin because of unethical finance and accounting practices, Congress stepped in to protect investors and prevent fraudulent financial reporting from happening on this scale ever again. The response was the creation of the Sarbanes-Oxley Act of 2002 (SOX).
It’s important to note that the corporate scandals that ignited SOX were further enabled by unethical practices within public accounting firms that were partnering with these companies. SOX not only changed how public companies went about financial reporting and auditing but also changed standards for external accounting firms.
Named after Representative Michael Oxley and Senator Paul Sarbanes, this intricate piece of legislation was designed to hold public companies to higher standards regarding accounting, auditing, and financial reporting. It includes many far-reaching requirements, but the most critical components of SOX are Section 302, Section 404, and Section 802.
To hold company leadership accountable for the public reporting of their respective companies, Section 302 requires senior officers to verify in writing that the organization’s financial statements are “fairly presented” and contain no financial misrepresentations. If inaccurate or fraudulent financial statements are later identified, the officers who signed off on them can be held accountable and may even be subject to criminal proceedings.
Internal controls for management teams and auditors are required by Section 404 of the Sarbanes-Oxley Act. This is a tedious requirement, and implementing these controls can be costly, but they play a critical role in protecting consumers, investors, and the nation’s economy more broadly.
Homing in on recordkeeping practices, Section 802 includes rules around the destruction and falsification of records, the legally binding retention period for storing records, and the specific records that public companies are required to keep.
As a whole, the Sarbanes-Oxley Act of 2002 was created to ignite change in corporate responsibility, create more stringent criminal punishment groundwork, inject transparency into accounting practices, and add protections for company employees, investors, and consumers alike.
More than 20 years after the need for public company accounting reform became clear, the Sarbanes-Oxley Act has had a long-lasting and far-reaching impact. The three areas of business that have been most impacted by SOX are financial reporting and transparency, corporate governance and accountability, and audit quality and independence.
From a financial reporting perspective, SOX requires all publicly traded companies to publish year-end financial disclosure reports and internal controls reports to highlight any material changes in financial health. Public company accounting teams are also required to disclose the methods used for financial reporting as part of their annual reporting process, shedding light on how the company’s results came to be.
As mentioned above, senior leaders are required to sign off on the reporting accuracy of key reports, ensuring accountability at the highest levels, but it doesn’t stop there. Companies must also establish auditable internal controls for all accounting processes. If financial misrepresentation does occur, SOX strengthened penalties and made it easier to hold responsible parties accountable.
When SOX was passed, the Public Company Accounting Oversight Board was established. The PCAOB created new standards for auditor independence, barring auditors from providing other services that could become a conflict of interest, such as consulting services.
SOX was passed more than two decades ago. In the time since, additional pieces of legislation have directly or indirectly affected SOX, and a direct amendment made in March 2020 changed Section 404(b). Under this amendment, smaller companies with annual revenues of less than $100 million are considered “nonaccelerated filers” and are exempt from the management assessment of internal controls as well as the independent audit of those controls.
In the last 20 years, there have been a number of new pieces of legislation passed that enhance or override SOX regulations. For instance, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 created new whistleblower protections, strengthened corporate governance policy, and created more channels for accountability within corporations.
Despite changes – direct and indirect – to the Sarbanes-Oxley Act, the legislation still has plenty of critics. The costs necessary to stay in compliance can be hefty, forcing large companies to expend resources that they could invest into other business endeavors. Beyond compliance costs, some professionals argue that SOX reduces innovation, stifles small business growth, and pushes up-and-coming companies to seek financing from private investors instead of pursuing an Initial Public Offering (IPO).
In 2012, ten years after the passing of SOX, the bill got the chance to prove its value in a high-profile case. Because of internal audit requirements and mandated financial reporting reviews, instances of unethical behavior — namely bribery — came to light. Pfizer was accused of using its subsidiaries to send funds to foreign officials to approve and facilitate the sale of its products. When the information was discovered, Pfizer cooperated with the Department of Justice and the Securities and Exchange Commission and ended up paying $60.2 million in civil and criminal penalties.
Any company that is traded on a U.S.-based stock exchange must comply with the Sarbanes-Oxley Act, even if the company is headquartered in a different country. The impact on global companies and markets was far-reaching, but ultimately, it holds large corporations to a higher standard, boosting investor confidence and protecting economies worldwide. The Enron scandal put the global economy in a precarious position, and many forward-thinking countries were able to learn from the mistakes that caused the reality in the U.S.
The European Union, for example, established the Market Abuse Regulation (MAR) in 2014. MAR prohibits insider trading, prevents inside information disclosures, and protects the market from manipulation. It requires businesses to report suspicious transactions and establish controls to mitigate market abuse. This is just one example, but it’s clear that SOX set a global precedent for years to come.
The market landscape is constantly changing, and as such, SOX will continue to be tested, amended, and reinforced when needed. One of the biggest challenges facing the act is the emergence of new technologies and the data security implications that come along with that. As automation tools are woven into the fabric of finance and accounting, ensuring those tools are still compliant with the regulations set by SOX will always be a key focal point.