Management: Sarbanes-Oxley Act of 2002
The Sarbanes-Oxley (SOX) Act was enacted in 2002 against the backdrop of massive corporate frauds by major corporations, including Enron and WorldCom, which culminated in the loss of jobs, retirement savings, and other benefits for thousands of employees in addition to shaking investors confidence in the US capital markets (Bauer, 2009). SOX was established to protect investors from corporate fraud and restore confidence in the capital markets. The Act is termed as the most comprehensive legislation ever enacted in the finance landscape specifically directed at the protection of investors from corporate malfeasances (Ribstein, 2008). Through its extensive provisions, strong enforcement mechanisms, and severe penalties on companies and executives for non-compliance and violation, SOX addresses the weaknesses in internal controls, reporting, and disclosure of the off-balance-sheet entities as well as conflict of interest factors that were cited as the key ones that had led to the collapse of Enron, WorldCom, and other firms. Irrefutably, the Act has protected and has the capacity to continue protecting investors from corporate fraud in the future.
Strengthening of Internal Controls
Through section 404, SOX contains expansive internal control requirements in consideration that weak internal controls were among the key factors attributed to the major corporate scandals in the early 2000s. SOX establishes new aspects of internal controls that include management evaluation of internal controls, publishing of a code of ethics for adherence by a company's senior officers, and new provisions about the audit committee (Mitchell, 2012).
Managements Evaluation of Internal Control
In every company's annual reports, SOX demands 1) a statement by managers on their responsibility for creating and maintaining sufficient internal control frameworks and financial reporting procedures, and 2) management's evaluation of the effectiveness of the organization's internal control frameworks and financial reporting procedures as of the end of the organization's latest fiscal year (SEC, 2003). In addition, the management is required to reveal any material weakness, and it cannot assert the effectiveness of the organization's internal controls over financial reporting if any material weakness exists in the internal controls (Mitchell, 2012). Furthermore, the internal auditor of the company is required to attest to the effectiveness of the company's internal controls and financial reporting procedures as stipulated by the Public Company Accounting Oversight Board established under the Act (Bauer, 2009).
Code of Ethics for Corporate Officers
According to SOX, each public company must publish a code of ethics and therein, the standards to be observed by its top financial officers. Such a code should hold the officers socially responsible to customers, employers, and shareholders among other stakeholders (Ribstein, 2008). Before SOX, there were recurrent incidences of corrupt corporate officers hurting the reputation of their organizations and injuring investors and employees (Ribstein, 2008). SOX aims at safeguarding the interests of investors and other stakeholders from losses emanating from unethical practices by a company's officers.
Stronger Audit Committees
SOX requires the board of directors of a company to form an audit committee composed of solely board members independent of the company's management (Mitchell, 2012). Consistent with this requirement, audit committees, instead of the management, are charged with direct responsibility for appointing, compensating, and overseeing the work of external auditors (Bauer, 2009). The audit committee must include a minimum of one financial expert - auditor, public accountant, or controller (Bauer, 2009). Members of the audit committees are barred from accepting any advisory, consulting, and other compensatory payments from the company other than in their capacities as members of the audit committee or other committees established by the board (Mitchell, 2012). The new standards of audit committees and expansion of their responsibilities serve to strengthen corporate governance, which is crucial to the protection of investors.
Regulations on off-balance-sheet Entities
Senior employees of Enron used sophisticated structures, concealed payments, and secret loans to give the impression that certain entities that they had financed and controlled were autonomous from Enron. This enabled Enron to present its interests in these entities off its balance sheet, while these interests ought to have been incorporated into its consolidated financial statements (SEC, 2003). Senior employees took advantage of the concealment that these entities were sovereign from Enron to embezzle millions of dollars in form of illegal profits and undisclosed fees (Bauer, 2009).
SOX deters the recurrence of frauds of this nature by requiring new disclosures about off-balance-sheet entities. After the Sarbanes-Oxley Act was enacted, the Securities Exchange Commission was required to issue rules stating the following. Every quarterly and annual financial report to be filed with the Commission should disclose every material off-balance sheet activity and relationships of the company issuing the financial statements with unconsolidated entities or other persons that might significantly affect the company's financial status, operation results, liquidity, capital resources, capital expenditures, or important aspects of revenues or expenses (SOX, 2002). These measures prevent companies from using special purpose entities to conceal their debts and manipulate income. The requirement that off-balance-sheet entities be disclosed in a firm's consolidated statement of financial position has been important to the enhancement of transparency of financial reporting to investors (Bauer, 2009).
SOX on Conflict of Interest
Conflict of interest and compromise of the audit function is inevitable when an accounting firm's receipts from consulting services substantially outweigh the receipts from audit services. This was the case of Arthur Andersen (Enrons auditor) (Boyd, 2004). The fear of losing huge consulting fees is likely to cause external auditors to be less skeptical when faced with evidence of financial malpractices (Boyd, 2004). SOX addresses the risk of conflict of interest through three items: 1) conflict of duties of a firm's employees and its auditors, 2) rotation of auditor partner, and 3) differentiating audit services from non-audit services (SOX, 2002).
Conflict of Duties between Employees and Auditors of a Firm
On conflict of duties between employees and auditors of a firm, section 206 of the Act stipulates the following. It is illegal for a public accounting company to conduct any audit service to a public company (issuer) if its senior officer(s) such as chief accounting officer, chief financial officer, chief executive officer, controller, or any individual in an equivalent capacity was an employee of that public accounting company and took part in the audit of that issuer during the period of one year preceding the date commencement of the audit (SOX, 2002).
Rotation of Audit Partner
SOX establishes a requirement for auditor rotation. It states that it is illegal for an audit firm to offer auditing services to a company if the lead audit partner, or the individual charged with reviewing the audit, has conducted audit services for that company in each of the past five fiscal years of the company. Consequently, there is a mandatory rotation of the lead audit partner after every five years (SOX, 2002). The requirement for rotation aims at preventing cohesion between a company and its external auditor that may give rise to conspiracies for fraud as was the case between Enron and Arthur Andersen (Boyd, 2004).
Differentiating Audit Services from Non-Audit Services
Conflict of interest among external auditors is addressed further by putting a clear boundary between audit and non-audit services. The Act prohibits an accounting firm (unless pre-approved by the issuing company's audit committee) from providing certain non-audit services that are apparently related to the audit function. The non-audit services include bookkeeping or services related to the preparation of financial reports of the audit client, design and implementation of internal control systems, valuation services, and outsourcing of internal audit services, investment banking, and management functions (SOX, 2002). The requirement that the audit committee preapproves not only audit services but also non-audit services to be offered by an external auditor serves to regulate the external auditor's relationship with the issuing company and deter the possibility of fraud (Ribstein, 2008).
The Sarbanes-Oxley Act will be instrumental in protecting investors from corporate frauds in the future through its dramatic regulations that enhance internal controls, transparency, and disclosure of the off-balance-sheet entities, and conflict of interest between company's employees and its auditors. The provisions addressing the three issues can be expected to prevent corporate frauds, taking into account the austere penalties for non-compliance and violation of these provisions.