Sarbanes Oxley Act of 2002

What is Sarbanes-Oxley ?
Drafted

Oxley

by Sen. Paul Sarbanes and Rep. Michael

Signed into law 7/30/02 Enron WorldCom

reaction to high-profile corporate fraud cases

Intended to prevent similar situations by Creating and strengthening corporate controls Requiring enhanced financial disclosures Creating new standards for corporate accountability Creating new penalties for acts of wrongdoing

The Objective
To protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws. To deter and punish corporate and accounting fraud and corruption, ensure justice for wrongdoers, and protect the interests of workers and shareholders.

Wall of Shame
12/2001 6/2002

Enron

Arthur Andersen and WorldCom Global Crossing Kmart and Tyco

1/2002

12/2004

The Big Three

Enron

WorldCom

Tyco

Spurred corporate govt. movement Led to Sarbox Corporate greed (insider trading) Accounting fraud ($600 million) Bad Corporate Governance Criminal trial

Fueled the flames Led to Sarbox Accounting fraud Wall Street involvement Federal indictment Ebbers found guilty

Corporate corruption Accounting fraud Misuse of funds by top execs. Federal indictment Kozlowski and Swartz found guilty

Organization of the Act

Eleven Titles, Numerous Sections

Title I Public Company Accounting Oversight Board Title II Auditor Independence Title III Corporate Responsibility Title IV Enhanced Financial Disclosures Title V Analyst Conflicts of Interest Title VI Commission Resources and Authority

Title VII Studies and Reports Title VIII Corporate and Criminal Fraud Accountability Title IX White-Collar Crime Penalty Enhancements Title X Corporate Tax Returns Title XI Corporate Fraud and Accountability

Key Sections

Section 301
Requires the Audit Committee to: Directly oversee the Companys external audit firm. Be independent. Establish procedures for handling complaints about accounting or auditing matters. Have authority to hire advisors. Be adequately funded. Specific

issues to be defined in Audit Committee

- Internal Control - Reporting - Composition - Compliance

Charter

Purpose Authority Financial Statements External Audit

Section 302

The CEO and CFO of each issuer must prepare a statement to accompany the audit report to certify the appropriateness of the financial statements and disclosures contained in the periodic report, and that those financial statements and disclosures fairly present, in all material respects, the operations and financial conditions of the issuer.

Places

responsibility for internal controls directly on the financial officers. to the SOX Act, no US company had a system of controls in place that would completely satisfy Section 302.

Prior

Section 404

Requires each annual report of an issuer to contain an internal control report, which shall: State the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting. Contain an assessment (yearly) of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.

The most expensive and time-consuming Section of the SOX Act.

 PCAOB: Auditing

Standard No. 2

Paragraph 24
Controls Such

related to the prevention and detection of fraud often have a pervasive effect on the risk of fraud controls include the adequacy of the internal audit activity and whether the internal audit function reports directly to the audit committee, as well as the extent of the audit committee's involvement and interaction with internal audit

 PCAOB: Auditing
Paragraph
Internal

Standard No. 2, continued

121

auditors normally are expected to have greater competence with regard to internal control over financial reporting and objectivity than other company personnel external auditor may be able to use their work to a greater extent than the work of other company personnel -this is particularly true in the case of internal auditors who follow the International Standards for the Professional Practice of Internal Auditing issued by the IIA

The

 Implementation Steps Assign responsibility for process design and oversight. Integrate section 302 and 404 evaluation process. Coordinate with external auditor. Select a control model. Decide on scope of Internal control evaluation. Utilize Self-Assessment. Build on existing controls. Identify gaps. Conduct the evaluations. Internal

Audit should be CEO and CFOs best source of assurance about internal control

Who the Act Applies To

All

public companies in the U.S. International companies that have registered equity or debt securities with the SEC

Plus the accounting firms that provide auditing services to them.

Costs of Sarbanes-Oxley
In

2005
$5.8 billion spent to comply up 5% from 2004

AIG

has spent about $300 million per year to comply

Sarbanes at Work