What is the Sarbanes-Oxley Act of 2002?
The Sarbanes-Oxley Act of 2002 came about after multiple high-profile scandals exposed key weaknesses in financial reporting and corporate governance. The Enron scandal is one of the best known of those that led Sarbanes and Oxley to introduce legislation. It involved Enron hiding debt and inflating profits by masking losses with off-balance-sheet entities. After Enron declared bankruptcy due to the exposure of the fraud, many investors experienced significant losses and many employees lost their source of income. Enron is just one key example of the fraud that led to the formulation of Sarbanes-Oxley. Other companies involved in scandals leading to the Sarbanes-Oxley Act include WorldCom and Tyco International.
Sarbanes-Oxley compliance involves corporate governance, reliability and integrity of disclosures, protection for investors, and increasing confidence in the financial markets. Highlighted below are a few of the major provisions of the Sarbanes-Oxley Act.
Key Components
1. PCAOB
The Public Company Accounting Oversight Board (PCAOB) was established by the Sarbanes-Oxley Act of 2002 to oversee the audits performed for public companies. The PCAOB establishes the standards and rules that those completing the audits must follow. The Board also holds registered public accounting firms accountable by inspecting, investigating, and enforcing any relevant consequences for non-compliance in the audits performed.
2. Auditor Independence
This component covers the auditor's responsibilities for identifying and reporting their independence in relation to the organization they are auditing. It also covers the auditor's responsibilities for communicating with the audit committee and outlines the key items that must be communicated, including but not limited to policies and practices, alternative treatments and effects, and material written communications between the auditor and senior management.
3. Corporate Responsibility
The Sarbanes-Oxley Act requires that senior management be aware of the responsibilities and restrictions that apply to them, so that financial statements and disclosures are fair and accurate. This includes reporting and sign-off requirements, compensation limitations, board member requirements, and other requirements on senior management functions.
4. Enhanced Financial Disclosures
Sarbanes-Oxley compliance requires that financial reports filed with the Securities and Exchange Commission (SEC) properly recognize material adjustments in accordance with the SEC and generally accepted accounting principles (GAAP). This component also contains the Sarbanes-Oxley internal controls requirements (SOX 404). SOX 404 requires management to produce an annual internal control report attesting that internal controls over financial reporting exist, are in place, and are operating effectively. SOX 404 also requires attestation and subsequent reporting by the accounting firm responsible for the financial audit.
5. Corporate Fraud Accountability
This component defines consequences for fraudulent activities, along with other requirements for Sarbanes-Oxley controls related to retention periods and the protection of whistleblowing activities. Section 806 specifically outlines the protection of individuals from employer retaliation when they are lawfully either assisting in the investigation of potential fraud or reporting an instance of potential fraud.
Consequences of Non-Compliance
Consequences of non-compliance with the Sarbanes-Oxley Act of 2002 include legal penalties, regulatory actions, civil lawsuits, reputational damage, and a wide range of operational, financial, and personal consequences. These consequences can be very severe for any organization that fails to comply. Their severity underscores, once again, the importance placed on the Sarbanes-Oxley Act of 2002 in protecting investors by ensuring accurate financial reporting and maintaining corporate integrity.
Please contact Elaine Nissley or Victor Kong for more information about McKonly & Asbury’s internal audit, readiness, and consulting services for SOX compliance testing.
About the Author

Jordan joined McKonly & Asbury in 2022 and is currently a Senior Consultant with the firm’s Advisory Segment.