The Sarbanes-Oxley Act: A Comprehensive Overview

The Sarbanes-Oxley Act, otherwise known as “SOX”, was a major overhaul of corporate financial reporting for public companies through the implementation of new reporting standards for both company executives and public accounting firms. Implemented in 2002, it was in response to the numerous accounting scandals that took place in the late 1990s and early 2000s. These scandals cost investors billions of dollars and caused the loss of thousands of jobs in the U.S. economy. Through the implementation of stricter reporting requirements, enhanced civil penalties, and new criminal penalties, the act reduced corporate fraud and improved the accuracy of financial information provided to investors. 

What is the Sarbanes-Oxley Act? What are the most important sections for corporate officers and auditors to understand? This article breaks down everything you need to know about the SOX Act from its origins and benefits to key highlights and a full overview. 

A Brief History and Impact of the Sarbanes-Oxley Act

The Sarbanes-Oxley Act was passed into law on July 30, 2022. Its primary goal is to protect investors by improving the accuracy and reliability of financial reporting and corporate disclosures. The sections within the SOX Act regulate corporate governance, risk management, auditing, and public company financial reporting with the goal of reducing accounting fraud and corporate corruption. Sarbanes-Oxley was named after the U.S. Senators who sponsored the bill – Senator Paul Sarbanes (D-MD) and U.S. Representative Michael G. Oxley (R-OH). The bill was in response to several corporate and accounting scandals in the early 2000s including Enron, Tyco International, WorldCom, Adelphia, and Peregrine Systems. SOX also created a new quasi-government agency, the Public Company Accounting Oversight Board (PCAOB), to oversee and regulate public accounting firms auditing public companies. Highlights of the most notable accounting scandals are described below.

The Sarbanes-Oxley Act: US Accounting Scandals

The Sarbanes-Oxley Act delivered comprehensive reform to public company corporate accounting practices and public accounting firms' audit procedures. The initial impact of SOX was clearly evident in the number of restatements in 2005 and 2006. Restatements rose 66% in 2005 to 1,600 and peaked at 1,784 in 2006, soon after the implementation of internal control over financial reporting requirements. After 2006, restatements steadily declined, reaching a low of 711 in 2009. Please note that 4.02 restatements are more serious than non-4.02 restatements. 4.02 restatements denote that the previously filed financial statements contain errors determined to be material and therefore the financial statements are deemed unreliable.

While many proponents of the bill claim SOX was necessary to remediate the corporate accounting scandals, there have been opponents who have argued SOX has done more harm than good. Leading the charge were Congressman Paul Ryan and Arkansas Governor Mike Huckabee, who argued that SOX was not necessary and placed U.S. companies at a competitive disadvantage with foreign competitors due to the excessive costs required to comply with SOX regulations. To support their claims, they cited that the number of public companies deregistered from public exchanges tripled in the following year after SOX was enacted. 

In response to these criticisms, the JOBS Act was enacted in April 2012 to provide some relief for newly listed public companies by creating a new class of companies called emerging growth companies (EGC). An EGC is exempt from SOX 404(b) for a period of five years unless its gross revenues exceed $1.235 billion, it has issued over $1 billion in non-convertible debt over a three-year period, or it becomes a large-accelerated filer. The purpose of the EGC class was to lower the cost of SOX compliance by reducing the number of required financial disclosures in annual reporting and providing an exemption from the internal control attestation requirement from external auditors.

The Primary Components of Sarbanes-Oxley

The primary components of the Sarbanes-Oxley Act are the following 11 sections:

  • Title I: Public Company Accounting Oversight Board (PCAOB)
    • Title I established the PCAOB, which is a nonprofit organization whose goal is to provide oversight of public accounting firms providing audit services to public companies. The PCAOB enhanced the quality of audits being performed by public accounting firms through inspections of audit workpapers and overseeing compliance with specific components of SOX.
  • Title II: Auditor Independence
    • Title II established the standard of external auditor independence and helped reduce potential conflicts of interest with audit clients. Highlights include required rotation of audit partners and limitation of certain non-audit services provided to audit clients.
  • Title III: Corporate Responsibility
    • Title III is a civil provision that requires senior executives to take responsibility for the accuracy and completeness of their company’s financial reporting.
  • Title IV: Enhanced Financial Disclosures
    • Title IV provides enhanced reporting requirements for financial transactions, including off-balance sheet transactions, pro forma figures, and corporate officer stock transactions. It also requires the implementation of an internal control framework to further improve a company’s financial reporting process.
  • Title V: Analysis of Conflicts of Interest
    • Title V provides a code of conduct for security analysts and requires the disclosure of any known conflict of interest. The goal of Title V is to restore investor confidence in the reporting function of the securities industry.
  • Title VI: Commission Resources and Authority
    • Title VI provides the U.S. Securities and Exchange Commission (SEC) authority over professionals and allows it to censure or bar professionals from practicing as a broker, advisor, or dealer. The goal of Title VI is to restore investor confidence in the securities industry.
  • Title VII: Studies and Reports
    • Title VII charged the Comptroller General and SEC to generate studies on the impact of 1) the consolidation of public accounting firms, 2) the role of credit reporting agencies, 3) securities violation, and 4) enforcement actions. The goal of these studies was to decide if investment banks had any involvement with the early 2000s accounting scandals where earnings were misrepresented, and the true financial condition of public companies was not disclosed to investors.
  • Title VIII: Corporation and Criminal Fraud Accountability
    • Title VIII provides employees with whistleblower protections and provides specific criminal penalties for individuals who manipulate, alter, or destroy accounting reports in an attempt to interfere with an investigation into a company’s financial records.
  • Title IX: White Collar Crime Penalty Enhancement
    • Title IX is a criminal provision that enhances criminal penalties for white-collar financial crimes to include higher monetary fines and increased prison terms.
  • Title X: Corporate Tax Returns
    • Title X recommends the Chief Executive Officer (CEO) sign the company’s corporate tax return.
  • Title XI: Corporate Fraud Accountability
    • Title XI upgrades the penalties for corporate fraud, tampering with corporate accounting records, and obstructing official proceedings to criminal offenses. It also enhances the penalties for these actions. It also allows the SEC to freeze corporate transactions, or payments, identified as large or unusual.

The following table assigns each Title to a category of either Auditor, Corporate, Financial Reporting, or Regulator to better help understand how the act is structured.

The Sarbanes-Oxley Act Titles by Role

Each section of the Sarbanes-Oxley Act has multiple subsections that outline the Act’s specific regulations. Listed below are seven critical sections for corporate officers and auditors to understand. This article reviews each of these seven sections in detail and highlights their critical components.

  1. Section 302: Corporate Responsibility for Financial Reports
  2. Section 401: Disclosures in Periodic Reports
  3. Section 404: Management Assessment of Internal Controls
  4. Section 409: Real Time Issuer Disclosures
  5. Section 802: Criminal Penalties for Altering Documents
  6. Section 806: Sarbanes Oxley Whistleblower
  7. Section 906: Corporate Responsibility for Financial Reports

A comprehensive summary of all sections and subsections is provided later in this article. 

Section 302: Corporate Responsibility for Financial Reports

This section requires the Chief Executive Officer (CEO) and Chief Financial Officer (CFO) to certify the company’s financial report and the effectiveness of the company’s internal controls. The certification confirms that the officer has reviewed the report, that the report does not contain any untrue statement of material fact, and that, based on the officer’s knowledge, the financial statements fairly represent all aspects of the financial condition of the issuer for the periods represented in the report.

Section 302 also charges the officers with the responsibility for establishing and maintaining an effective internal controls environment. Company officers must have evaluated the effectiveness of the issuer’s internal controls within 90 days of the report. Also, the officers must disclose any significant deficiencies in the design and operation of the company’s internal controls that could adversely affect the issuer’s ability to record, process, summarize, and report the financial data to their external auditors and audit committee. Officers of the company must also inform the auditors of any material weaknesses in the company’s internal control framework and disclose any fraud, material or not, that involves the company’s management or employees who have a critical role in the operation of the company’s internal controls.

Section 401: Disclosures in Periodic Reports

This section enhances the financial disclosures required by Section 13 of the Securities Exchange Act of 1934. All material correcting adjustments identified by the public accounting firm shall be disclosed. Additionally, issuers must disclose material off-balance sheet transactions, arrangements, obligations, contingent obligations, and other relationships of the issuer with unconsolidated entities that may have a material current or future effect on the company’s financial condition, results of operations, liquidity, capital expenditures, capital resources, or any significant components of the issuer’s revenue or expenses. Additionally, pro forma figures may not contain any untrue statements, nor omit any material facts necessary to make the pro forma information not misleading to investors.

Section 404: Management Assessment of Internal Controls

Section 404 of SOX consists of Section (a), Section (b), and Section (c). The primary purpose of Section 404 is to require management to assess the effectiveness of their company’s internal controls over financial reporting in order to improve the accuracy of the company’s financial reporting. Let’s discuss the details of each section.

Section 404(a) applies to all public issuers – there are no exemptions. This section requires management to conduct an evaluation of the operational effectiveness of the company’s internal controls over financial reporting. The company’s internal control structure must be documented and evaluated annually. The results of the management’s annual assessment of internal controls are then reported in the company’s Form 10-K.

Section 404(b) requires public issuers to obtain an external auditor to attest to, and report on, management’s assessment of its internal controls. Remember that section 404(a) mandates management perform an internal assessment, while section 404(b) requires an independent auditor to evaluate whether management’s assessment of the company’s internal controls is accurate. The auditor’s opinion on the company’s internal controls is reported in the audit report section of Form 10-K. The Public Company Accounting Oversight Board (PCAOB) establishes standards that independent auditors must follow regarding their report on the company’s internal controls. The American Institute of Certified Public Accountants (AICPA) provides additional information and background on this section. SOX Testing: How to Build a Well-Rounded Testing Program provides additional information about building a comprehensive SOX testing program.

Section 404(c) exempts certain organizations from Section 404(b). Specifically, organizations that are neither an accelerated filer nor a large-accelerated filer are exempt. This group of companies is also referred to as non-accelerated filers. Emerging growth companies (EGC) are also exempt. To qualify as a non-accelerated filer, an organization must have less than $75 million in public float, otherwise known as the value of shares held by the public. The SEC provides EGC status to companies for the first five years after their IPO if they do not exceed certain thresholds.

Section 409: Real-Time Issuer Disclosures

This section requires issuers to disclose, on a near real-time basis, any material changes in their financial condition or operations that are necessary or useful to protect investors.

Section 802: Criminal Penalties for Altering Documents

This section enhanced the penalties for both the company and the auditors of the company. Any person found to have altered, destroyed, mutilated, concealed, or falsified documents or tangible objects with the goal of obstructing, impeding, or influencing any legal investigation into the issuer now faces a fine and maximum prison time of no more than 20 years. 

For auditors, this section increased the retention period for any audit or review workpapers. The initial rules stated that any accountant who performs an audit of an issuer must maintain its audit, or review, workpapers for a minimum period of five years from the end of the fiscal period in which the audit or review was completed. However, the final rule increased the retention period to seven years. The penalty for violating the record retention rules is a fine and prison time for no more than ten years. 

Workpapers are considered any documents used to form the basis of the audit, or review, of the issuer’s financial statements. The criteria for a document to be considered a workpaper are:

  1. materials created, sent, or received in connection with the audit, or review and 
  2. any documents that have conclusions, opinions, analyses, or financial data related to the audit, or review.

Section 806: Sarbanes Oxley Whistleblower

Section 806 provides additional protection for employees of publicly traded companies who provide evidence of fraud or assist in an investigation of fraud against the company’s shareholders conducted by a federal regulatory agency, law enforcement agency, a member of Congress, a committee of Congress, or by a person with supervisory authority over the employee. Section 806 also expanded the prohibitions against retaliation against employees.

This section allows the SEC to take legal action against employers who retaliate against whistleblowers. To further strengthen this section, Commission Rule 21F-17(a) prohibits a person, or entity, from taking any action to impede another individual from contacting the SEC directly to report a possible securities violation. Non-disclosure agreements (NDA) and severance agreements may violate federal law if they specifically prevent an employee from reporting concerns directly to the SEC.

Section 906: Corporate Responsibility for Financial Reports

Section 906 of the Sarbanes-Oxley Act requires public companies to include specific certifications by the Chief Executive Officer (CEO) and Chief Financial Officer (CFO) in each periodic report containing financial statements. The certification states that the information contained in the financial report fairly represents, in all material aspects, the company’s financial condition and results of operations. The penalties for making false claims in these certifications include a fine of up to $1 million and up to 10 years in prison. Additionally, an officer who willingly certifies the financial report, knowing the report is false, may face penalties of up to $5 million and 20 years in prison.

The CEO and CFO should conduct a reasonable level of due diligence to determine whether the financial statement fairly represents the company’s financial condition. The actions the officers should take include performing a careful review of the financial report and interviewing company personnel who prepared the report. The Chief Accounting Officer (CAO), general counsel, Risk Management Officer (RMO), and Chief Investor Relations Officer should be included among individuals who are consulted regarding how the financials were prepared. Additionally, the company’s primary audit partner or personnel from the external audit team may be consulted.

The CEO and CFO should discuss any significant financial reporting issues the company is facing, the Management Discussion and Analysis (MD&A) section of the financial report, any critical accounting policies, known financial trends, the status of the company’s internal controls, and any key internal audit procedures. Another best practice is to review sub-certifications from key individuals involved in the company’s financial reporting process. The company should also document the procedures undertaken by the CEO and CFO to review the company’s financial report.

While section 302 and section 906 may appear to be very similar in nature, the distinction between the two is that section 302 is a civil provision and section 906 is a criminal provision.

Sarbanes-Oxley and Corporate Governance

One of SOX’s primary mandates was improving corporate governance by increasing the responsibility of executives at public companies with regard to financial reporting. Titles III, IV, IX, X, and XI placed numerous new requirements on company executives to hold them accountable for poor financial reporting. Also, new and stricter penalties for executives who act in bad faith, or knowingly commit fraud, further help motivate company executives to closely monitor their company’s financial reporting and ensure accurate, reliable information is being provided to investors.

Title III, and specifically section 302, made it mandatory for the Chief Executive Officer (CEO) and Chief Financial Officer (CFO) to certify the company’s financial reports and the effectiveness of the company’s internal controls. Passing SOX made the company executives directly responsible for fraudulent financial reporting, and they could no longer ignore problems in their company’s financial reporting framework. If a company’s financials were inaccurate, fraudulent, or misleading to investors, they were now held directly accountable and liable for civil penalties. This section also requires the formation of an independent audit committee to further evaluate the company’s internal control performance, appoint external auditors, and ensure the financial reporting is accurate and free from material errors. 

Title IV, Enhanced Financial Disclosures, also enhanced corporate governance by mandating that company executives certify the effectiveness of their company’s internal control framework. It does not allow for any exceptions, for example, for EGCs or smaller reporting companies. All issuers are required to comply with Section 404(a) of Title IV, and this forces company executives to fully understand and actively participate in their company’s internal controls over financial reporting.

Title IX, White Collar Penalty Enhancement, carried with it some of the most significant changes. Section 906, similar to Section 302, requires the Chief Executive Officer (CEO) and Chief Financial Officer (CFO) to include specific certifications about the company’s financial statements. The most important point to understand is that section 906 added criminal penalties for any false claims associated with these certifications. The penalties include a fine of up to $1 million and up to 10 years in prison. If an officer willingly certifies the financial report, knowing the report is false, they may face penalties of up to $5 million and 20 years in prison.

Title XI, Corporate Fraud Accountability, continued with the theme of criminal offenses and expanded criminal penalties to any individuals who act in bad faith. This section extends beyond just the CEO and CFO and makes any person involved with corporate fraud, tampering with corporate accounting records, and obstructing official proceedings liable for criminal penalties of fines, imprisonment up to 20 years, or both. 

Combined, Titles III, IV, IX, and XI make a collaborative effort to enhance financial reporting through improved corporate governance. Using a combination of required certifications, increased civil penalties, and new criminal penalties, these new rules all play a part in helping improve financial reporting.

Key Benefits of Sarbanes-Oxley (SOX)

The implementation of SOX in 2004 resulted in many added benefits for investors. Public company financial reporting became more accurate, reliable, and transparent for investors and the general public. The driving force behind the improved financial reporting was an enhanced emphasis on implementing and assessing internal control frameworks, improved corporate governance, and expanded oversight from regulators. What Are SOX Controls? Best Practices for Defining Your Scope provides additional information on identifying relevant controls within a company’s internal control framework.

Section 404 of SOX is considered the backbone of SOX because of its focus on improving audit standards, implementing an effective internal control framework, and attestation of that framework by external auditors. Internal control over financial reporting was not a new concept brought about when SOX was passed in 2002. The idea of using internal controls to monitor and improve financial reporting has been around since the early 1980s and is most well known through the work performed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Founded in 1985, COSO sponsored the National Commission on Fraudulent Financial Reporting, an independent private-sector initiative that studied the leading factors that contributed to fraudulent financial reporting. Fundamentals of the COSO Framework: Building Blocks for Integrated Internal Controls provides additional background on the COSO framework and internal controls.

By requiring company executives, the CEO and CFO, to annually evaluate and assess their company’s internal control framework, SOX forced companies to spend time and resources on establishing an effective and functional internal control framework. To help executives evaluate the internal control environment, more robust internal audit departments were created to perform year-round monitoring and testing of internal controls. Internal Audit 101: Everything You Need to Know provides additional insight into internal audit departments and their scope of work. Furthermore, this section mandates, with some exceptions for smaller issuers, that external auditors assess the effectiveness of a company’s internal control framework. A failure would result in a qualified audit opinion on internal controls (meaning the financial statements contain misstatements or omissions) and considerable fallout for the company executives and its board of directors.

As discussed earlier, corporate governance improved as a result of SOX due to the requirement of executives certifying financial reports, increased civil penalties, and new criminal penalties. This prevented company executives from ignoring or dismissing their company’s financial reporting process. If a company’s financial statements were inaccurate, either due to incompetence or a wilful act of fraud, its company executives were now held both civilly liable and criminally liable.

Increased regulatory oversight and expanded federal powers also improved overall financial reporting. Title XI allows the SEC to freeze corporate transactions, or payments, identified as large or unusual, and Title VIII provides employees with additional whistleblower protections. Many of the accounting scandals prior to SOX, and even after SOX, came to light because of an internal whistleblower. Expanded federal protections for these whistleblowers make it increasingly difficult for companies to keep fraud hidden from the general public and investors.

The Sarbanes-Oxley Act Three Key Benefits

Comprehensive Review of the Sarbanes-Oxley Act

Below is a full list of all sections and sub-sections of the Sarbanes-Oxley Act to help provide a better understanding of the full scope provided by SOX.

Title I: Public Company Accounting Oversight Board (PCAOB)

Title I established the Public Company Accounting Oversight Board (PCAOB). The PCAOB is a nonprofit organization that oversees the audits of public companies that are subject to securities laws. The PCAOB has four primary responsibilities.

  1. Register accounting firms that audit public companies in the U.S. securities market.
  2. Inspect registered accounting firms.
  3. Establish auditing, quality control, and ethics standards for registered accounting firms.
  4. Investigate and discipline registered accounting firms for violations of professional standards.

The subsections of Title I are the following:

  • Sec. 101. Establishment; administrative provisions.
  • Sec. 102. Registration with the Board.
  • Sec. 103. Auditing, quality control, and independence standards and rules.
  • Sec. 104. Inspections of registered public accounting firms.
  • Sec. 105. Investigations and disciplinary proceedings.
  • Sec. 106. Foreign public accounting firms.
  • Sec. 107. Commission oversight of the Board.
  • Sec. 108. Accounting standards.
  • Sec. 109. Funding.

Title II Auditor Independence

Title II focuses on and regulates auditor independence. Title II prohibits an external auditor from performing non-audit services to its public company audit clients. It also outlines the specific communication needed between an auditor and the public company’s audit committee, or board of directors. Finally, Title II requires audit partners to rotate from their public company audit clients on a periodic basis.

  • Sec. 201. Services outside the scope of practice of auditors.
  • Sec. 202. Preapproval requirements.
  • Sec. 203. Audit partner rotation.
  • Sec. 204. Auditor reports to audit committees.
  • Sec. 205. Conforming amendments.
  • Sec. 206. Conflicts of interest.
  • Sec. 207. Study of mandatory rotation of registered public accounting firms.
  • Sec. 208. Commission authority.
  • Sec. 209. Considerations by appropriate State regulatory authorities.

Title III Corporate Responsibility

Title III focuses on corporate responsibility and enhanced financial reporting disclosures. It mandates that corporate officers certify their public company’s annual and quarterly reports.

  • Sec. 301. Public company audit committees.
  • Sec. 302. Corporate responsibility for financial reports.
  • Sec. 303. Improper influence on conduct of audits.
  • Sec. 304. Forfeiture of certain bonuses and profits.
  • Sec. 305. Officer and director bars and penalties.
  • Sec. 306. Insider trades during pension fund blackout periods.
  • Sec. 307. Rules of professional responsibility for attorneys.
  • Sec. 308. Fair funds for investors.

Title IV Enhanced Financial Disclosures

Title IV outlines financial reporting disclosures involving management and principal stockholders, and other items such as internal controls over financial reporting. This is probably the most well-known section of the Act because it includes Section 404. Please refer to the detailed section above about Section 404 for additional information.

  • Sec. 401. Disclosures in periodic reports.
  • Sec. 402. Enhanced conflict of interest provisions.
  • Sec. 403. Disclosures of transactions involving management and principal stockholders.
  • Sec. 404. Management assessment of internal controls.
  • Sec. 405. Exemption.
  • Sec. 406. Code of ethics for senior financial officers.
  • Sec. 407. Disclosure of audit committee financial expert.
  • Sec. 408. Enhanced review of periodic disclosures by issuers.
  • Sec. 409. Real-time issuer disclosures.

Title V Analyst Conflicts of Interest

Title V analyzes the conflicts of interest regarding securities analysts employed by registered securities associations and national security exchanges. This section adds language to section 15 of the Securities Exchange Act of 1934 to improve objectivity and independence of security analysts. The essence of this section is to prohibit people employed by a broker, or dealer, which are engaged in investment banking activities from publishing research reports. It also provides protection for security analysts who publish an unfavorable report against retaliation.

A security analyst is defined as any associated person of a registered broker or dealer that is principally responsible for the preparation of a research report. A research report is considered any written or electronic communication that analyzes equity securities of an individual company or industry and provides sufficient information to develop an investment decision.

  • Sec. 501. Treatment of securities analysts by registered securities associations and national securities exchanges.

Title VI Commission Resources and Authority

This section amends sections of both the Securities Exchange Act of 1934 and the Securities Act of 1933. Some of the revisions include amending the amount of funds authorized to be appropriated to the SEC for oversight activities and enhancing the commission’s ability to censure individuals who lack required qualifications or have engaged in unethical or improper professional conduct.

  • Sec. 601. Authorization of appropriations.
  • Sec. 602. Appearance and practice before the Commission.
  • Sec. 603. Federal court authority to impose penny stock bars.
  • Sec. 604. Qualifications of associated persons of brokers and dealers.

Title VII Studies and Reports

Title VII stipulated that the Comptroller General of the United States and SEC perform a study to find the factors that caused the consolidation of public accounting firms starting in the late 1980s that resulted in an overall reduction of the number of firms providing audit services. It also commissioned a study of credit rating agencies to determine their role and function in the operation of securities markets, and a study to determine the number of securities professionals, defined as public accountants, public accounting firms, investment bankers, investment advisors, brokers, dealers, attorneys, and others in the securities industry, who have been found in violation of federal securities laws. It also commissioned a study of enforcement actions for violations of reporting requirements and a study of investment banks.

  • Sec. 701. Government Accountability Office (GAO) study and report regarding consolidation of public accounting firms.
  • Sec. 702. Commission study and report regarding credit rating agencies.
  • Sec. 703. Study and report on violators and violations.
  • Sec. 704. Study of enforcement actions.
  • Sec. 705. Study of investment banks.

Title VIII Corporation and Criminal Fraud Accountability

Title VIII enhanced the criminal penalties for altering documents, specifically the destruction, alteration, or falsification of records in Federal investigations and bankruptcy, as well as the destruction of corporate audit records. It also amended the statute of limitations for securities fraud (Sec. 804) and enhanced the Federal sentencing guidelines for the obstruction of justice and extensive criminal fraud (Sec. 805). It provided enhanced protection from retaliation for public company employees who provide evidence of fraud (Sec. 806) and amended the criminal penalties for defrauding shareholders of publicly traded companies (Sec. 807).

  • Sec. 801. Short title.
  • Sec. 802. Criminal penalties for altering documents.
  • Sec. 803. Debts nondischargeable if incurred in violation of securities fraud laws.
  • Sec. 804. Statute of limitations for securities fraud.
  • Sec. 805. Review of Federal Sentencing Guidelines for obstruction of justice and extensive criminal fraud.
  • Sec. 806. Protection for employees of publicly traded companies who provide evidence of fraud.
  • Sec. 807. Criminal penalties for defrauding shareholders of publicly traded companies.

Title IX White Collar Criminal Penalty Enhancements

Section IX worked to enhance the penalties for white-collar financial crimes and is also referred to as the “White-Collar Crime Penalty Enhancement Act of 2022.” Sec. 902 amended Chapter 63 of title 18, United States Code, broadening its scope so that any person attempting or conspiring to commit an offense is subject to the same penalties as those prescribed for the offense. Sec. 903 amended the language for the Employee Retirement Income Security Act of 1974 and increased the penalties for violations of this Act. Sec. 905 amended the sentencing guidelines for white-collar offenses.

  • Sec. 901. Short title.
  • Sec. 902. Attempts and conspiracies to commit criminal fraud offenses.
  • Sec. 903. Criminal penalties for mail and wire fraud.
  • Sec. 904. Criminal penalties for violations of the Employee Retirement Income Security Act of 1974.
  • Sec. 905. Amendment to sentencing guidelines relating to certain white-collar offenses.
  • Sec. 906. Corporate responsibility for financial reports.

Key Point – Section 906 added penalties to Chapter 63 of title 18, United States Code, for corporate officers who fail to certify financial reports. The criminal penalties are:

  • $1,000,000 fine and imprisonment of not more than 10 years for certifying any statement that does not follow the requirement in section 13(a) or 15(d) of the Securities Exchange Act of 1934 that the information contained in the periodic report fairly represents the result of operations of the issuer.
  • $5,000,000 fine and imprisonment of not more than 20 years, or both for willfully certifying any statement that does not follow the requirement in section 13(a) or 15(d) of the Securities Exchange Act of 1934 the information contain

Title X Corporate Tax Returns

Section X is straightforward and the shortest section of SOX. It states that a public company’s federal income tax return should be signed by the Chief Executive Officer of the company.

  • Sec. 1001. Sense of the Senate regarding the signing of corporate tax returns by chief executive officers.

Title XI Corporate and Fraud Accountability

Section XI provides added authority to the SEC and enhances penalties for individuals who interfere with any part of an investigation into corporate corruption or fraud. Section 1102 amends Section 1512 of title 18, United States Code, to increase the penalties for individuals who tamper with records or otherwise impede an official proceeding to include a fine and imprisonment for not more than 20 years, or both. Section 1103 grants the Securities and Exchange Commission (SEC) the ability to temporarily freeze the assets of an issuer in certain situations where the issuer is likely to make an extraordinary payment to an officer, director, partner, agent, controlling party, or employee of the company. Section 1104 amends the federal sentencing guidelines for securities and accounting fraud related offenses. Section 1105 amends the Securities Exchange Act of 1934 and sets guidelines that allow the SEC to restrict certain persons from serving as officers or directors of a public company if they are identified as unfit or as having engaged in unethical behavior. Section 1106 increases the criminal penalties under section 32(a) of the Securities Exchange Act of 1934 from $1,000,000 to $5,000,000 and from $2,500,000 to $25,000,000, and Section 1107 amends Section 1513 of title 18, United States Code, to provide added protection for informants.

  • Sec. 1101. Short title.
  • Sec. 1102. Tampering with a record or otherwise impeding an official proceeding.
  • Sec. 1103. Temporary freeze authority for the Securities and Exchange Commission.
  • Sec. 1104. Amendment to the Federal Sentencing Guidelines.
  • Sec. 1105. Authority of the Commission to prohibit persons from serving as officers or directors.
  • Sec. 1106. Increased criminal penalties under Securities Exchange Act of 1934.
  • Sec. 1107. Retaliation against informants.

Take Your SOX Game to the Next Level

Now that you know all about the Sarbanes-Oxley Act, you’ll want to make sure your company is taking a technology-enabled approach to SOX compliance. Leveraging purpose-built technology to automate processes is key for decreasing the costly and time-consuming nature of Sarbanes-Oxley compliance and maximizing SOX resources. 

SOX compliance software enables teams to free up time to perform more value-add audits, increase the quality of internal controls, improve real-time visibility into SOX environments, boost external auditor collaboration — and ultimately avoid financial restatements.

Frequently Asked Questions About the Sarbanes-Oxley Act

Why did Congress pass SOX? 

The Enron accounting scandal was the primary catalyst for Congress to pass the act in 2002. The act reflected public sentiment that investors needed additional protection from fraudulent corporate practices and was passed to restore investor confidence and promote transparency. The Public Company Accounting Oversight Board (PCAOB) was also formed to monitor and regulate public accounting firms that audit publicly traded companies to ensure proper compliance with SOX regulations.

Who is responsible for SOX compliance?

The act holds senior management, specifically the CEO and CFO, responsible for compliance with its requirements through a combination of certifying financial reports and evaluating the performance of their company’s internal controls framework.

What are the criminal penalties for SOX noncompliance?

Executives, such as CEOs and CFOs, who knowingly certify financial reports that don’t comply with SOX requirements can face fines of up to $1 million and 10 years in prison. Executives who “willfully” certify noncompliant reports, with the intent to mislead or deceive, can face fines of up to $5 million and up to 20 years in prison. Additionally, company officials who make changes that conceal truthful information or include false statements can face fines or up to 20 years in prison. Record falsification, or destruction of records to impede or influence an investigation, is also criminalized under SOX.

How expensive is SOX compliance?

The cost of Sarbanes-Oxley (SOX) compliance can vary widely, depending on the size and complexity of the company. For smaller companies with no physical location, the costs can be as low as $200,000 annually. Larger companies with $10 billion or more in annual revenue can see costs of over $2 million annually. Many factors affect the cost, including whether the company is subject to SOX 404(b), the type of industry, the number of physical locations, and the external auditor. Large audit firms such as Deloitte, EY, PwC, and KPMG (known as the Big 4) will have higher costs than mid-sized audit firms.

Who must comply with SOX?

All publicly traded companies, wholly owned subsidiaries, and foreign companies that are publicly traded and do business in the United States must comply with SOX. EU companies looking to enter the United States capital markets must comply with SOX requirements and are not shielded from compliance simply because they physically reside outside the United States. Accounting firms that perform audits of public companies must be registered with the PCAOB and also comply with SOX.

Is the formation of an Audit Committee required by SOX?

Yes, public companies are required under SOX to maintain an audit committee that is independent of management and not involved in day-to-day operations. At least one member of the committee must be a financial expert. The audit committee appoints the external auditors, approves their compensation, and ensures the company’s financial reporting is accurate and free from material errors.

Brandi Anastasiades, CISA, is a Commercial Account Executive at AuditBoard. As an experienced information technology auditor, SOX/ICFR compliance professional, & Deloitte alumna, she has served various multinational corporations throughout the Tri-State & New England areas. Connect with Brandi on LinkedIn.

William Fritchie began his career at Ernst & Young, accumulating over eight years of experience in audit, accounting advisory, and capital markets, with a focus on SEC reporting and SOX compliance. He now collaborates with early-stage technology start-ups, providing expertise in business development and capital raising. Connect with William on LinkedIn.