Skip to content

Insights

Beyond the Sarbanes-Oxley Act of 2002

The Sarbanes-Oxley Act of 2002 (SOX) was a significant piece of legislation aimed at enhancing corporate governance and accountability in response to financial scandals like Enron and WorldCom. SOX maintains financial reporting transparency through enhanced internal control requirements, stricter auditor independence rules, rigorous disclosure standards, strengthened corporate governance, and protections for whistleblowers. These measures aim to ensure that financial reports are accurate, reliable, and free from misleading information resulting in greater confidence among investors and the public. Over the years, there have been various amendments and updates to the act.

Financial Crisis of 2008

The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank) responded to the 2008 financial crisis. The goal was to address gaps and weaknesses in areas where Sarbanes-Oxley was not strong enough. These reforms aimed to prevent the kinds of abuses and failures that contributed to the 2008 crisis and to create a regulatory environment where unethical behavior is more likely to be reported and less likely to go unchallenged.

The 2008 financial crisis revealed that insufficient protections often discouraged whistleblowers from coming forward, thereby allowing misconduct to go unchecked. By offering stronger protections and incentives, Dodd-Frank aimed to improve the detection of financial fraud and other malpractices. The act provides for monetary rewards to whistleblowers who provide information leading to significant enforcement actions.

The 2008 financial crisis also highlighted the conflicts of interest that can arise when auditors have financial ties to the companies they are auditing. For example, Bear Stearns encountered a severe liquidity crisis, due in part to the firm’s involvement in risky mortgage-backed securities. The result was a loss of investor confidence and a fire sale to JP Morgan. Deloitte’s role as Bear Stearns’ auditor came under scrutiny due to the firm’s failure to adequately address and report on the financial risks associated with Bear Stearns’ investments. Deloitte’s significant consulting contracts with Bear Stearns were deemed a conflict of interest. Dodd-Frank sought to enhance auditor independence by imposing stricter regulations on audit firms, including restrictions on the non-audit services they can provide to their audit clients.

Economic Downturn

The financial crisis of 2008 led to a significant downturn in the economy, with small businesses and startups particularly affected. Traditional sources of capital became more difficult to access due to tighter credit conditions and increased scrutiny by investors and lenders. Enter the Jumpstart Our Business Startups (JOBS) Act of 2012. The JOBS Act provided some relief for smaller emerging growth companies by easing SOX compliance requirements, particularly Section 404b (SOX 404) related to management’s assessment of internal controls.

SEC Disclosure Modernization

In 2009 and 2018, the Securities and Exchange Commission (SEC) made significant changes to Regulation S-K, which governs the disclosures companies must make in their reports. The changes were aimed at improving the transparency of financial reporting and making disclosures more relevant and useful to investors. By eliminating redundancy and emphasizing material information, the SEC intended to provide investors with a clearer understanding of a company’s financial health and performance.

A key objective of the SEC disclosures modernization included reducing the complexity and cost of SOX 404. This was accomplished in the following ways:

  • Reduce the disclosure burden by reducing repetition and removing outdated requirements. This allowed management to be more focused in their report on the internal control over financial reporting (ICFR) by eliminating redundancies.
  • Change from a checklist to a materiality driven approach to the assessment of ICFR. Using this approach, organizations can focus ICFR assessments on areas with the most material impact to financial reporting.
  • Smaller companies benefited by allowing them to use a less complex and flexible approach with less reporting requirements.

Foreign Companies

The Holding Foreign Companies Accountable Act (HFCAA) of 2020 has several implications for SOX. HFCAA requires the Public Company Accounting Oversight Board (PCAOB) to inspect the work of audit firms that audit U.S. listed foreign companies. This ensures that the PCAOB can evaluate whether these audit firms comply with U.S. auditing standards and SOX requirements. If the PCAOB is unable to inspect or investigate the audits of these firms due to restrictions imposed by foreign governments, it impacts compliance with SOX. HFCAA stipulates that if a foreign company does not permit PCAOB inspections for three consecutive years, it risks being delisted from U.S. exchanges.

In summary, the Sarbanes-Oxley Act of 2002 continues to be important to the financial reporting process. All companies, whether public or private, can benefit from the implementation of key components of SOX and implementation of key controls that support SOX 404.

To learn more about McKonly & Asbury’s internal audit and Sarbanes-Oxley consulting services, please reach out to Elaine Nissley.

About the Author

Elaine Nissley

Elaine is a Director with McKonly & Asbury. Her primary responsibilities include management of the Internal Audit Services group. Elaine handles client relationships and is accountable for the delivery of high quality and timely d… Read more

Subscribe to Our Newsletter