The Pros and Cons of the Sarbanes-Oxley Act

When Enron declared bankruptcy in 2001, it was one of the world’s largest corporate scandals. That year, it had over $63 billion worth of assets and soon became a symbol for executive-level corruption after declaring bankruptcy only four years later. This large scandal was then followed by the Sarbanes-Oxley Act, which sought to prevent scandals like this from happening again.

Sarbox is a law passed by the United States Congress that aims to protect shareholders from fraud. The Sarbanes-Oxley Act of 2002, also known as SOX, strengthens corporate oversight and improves internal controls. These controls will hopefully protect investors against fraudulent financial statements provided by companies. One way SOX does this is by requiring independent third parties to verify company financials before they can be released. Such measures are welcome for many investors, though complying with these requirements may prove difficult for some businesses.

The Sarbanes-Oxley Act was put into place in response to accounting scandals at Enron and other corporations late in 2001, where management manipulated finances and kept off-balance-sheet debt obligations secret while reporting profits based on unrealistic assumptions about market prices.

SOX was created to increase the transparency of how businesses are run and therefore make things easier for investors. However, this increased regulation has led many companies to outsource their jobs overseas in order to remain competitive when faced with high compliance costs. Point blank, this is a law that both helps and hinders investments. That being said, its main goal is to increase companies’ transparency through more stringent regulations on management practices. To help you and your business make an informed decision on how this will affect your business or investment strategy, we’ve compiled the pros and cons of SOX, which should give perspective on whether it’s worth supporting or not.

The Pros

  1. At All Times, Crucial Information Can’t Be Withheld From Shareholders

The Enron Corporation used a shady practice called mark-to-market accounting, also known as cooking the books, to hide its losses. For example, if it built an asset, such as a power plant, and predicted that it would make a profit before even earning any revenue from it, and the asset then actually made less money than was projected on paper, Enron transferred assets off the company’s ledgers into another corporation. These numbers were not accounted for at all. In other words, the company did not hurt its bottom line by reporting its financials accurately; the lost profits wouldn’t be devastating, since no one knew about them except insiders who benefited from insider trading schemes.

By requiring that all company reports be verified independently for accuracy, stockholders can rest assured knowing their investments have not been put at risk due to dishonest business activities like this one.

  2. The Need for Internal Controls is Vital

The Sarbanes-Oxley Act of 2002 is a federal law that requires managers to perform internal control testing on their company’s financial statements. The idea behind this legislation was for the government and investors to be more aware if there are any management overrides happening, which led to an extensive investigation into Enron Corporation in 2001. 

In order to prevent a repeat of the internal control failures that led to Enron’s downfall, management is required to test these controls quarterly and file a report on their effects. This prevents managers from manipulating transactions by putting checks and balances in place that can catch abnormalities before they become too serious an issue for anyone involved.

The Cons

  1. Sometimes, Smaller Companies Feel the Burden

SOX has been criticized by small public companies that are required to follow the same reporting rules as large, multinational corporations. Essentially, Section 404 sets out internal control procedures for all organizations but does not differentiate by company size or available resources. This leaves smaller companies with a difficult choice of either following SOX or spending their own money on additional external compliance measures they don’t have in place internally yet.

One of the reasons that small businesses succeed is that they don’t have to worry about their IT. The around-the-clock support and flat-rate fee structure make it a low-cost, predictable expense with great benefits as well. With a managed service provider, you or your business doesn’t have to worry about constantly upgrading your technology. They’ll take care of everything from data backup and disaster recovery to technical support at all hours, no matter what time it is or where you are in the world, at a fraction of the cost.

  2. Audit Fees are Increased

When auditors are forced to be more accountable for their audit reports, they have less time and resources available. This means that fees go up, which gives them the time required for SOX compliance work while covering additional liability from a data breach. One thing to consider is South Dakota, a state that has one of the strictest laws regarding data breaches. In this state, companies are now liable after any incident. So when the audit fee for SOX compliance increases, ask yourself if your business can afford to pay $10,000 a day due to a data breach.

What is the IT Team’s Role in SOX Compliance?

In 2002, the Sarbanes-Oxley Act was formed due to a huge business scandal that took place involving three large companies. These three companies, Enron, Arthur Andersen, and WorldCom, ended their business endeavors with prison sentences, countless layoffs, and billions of invested dollars lost. This act was formed in order to increase company security and prevent a large-scale accounting scandal from happening again.

With this act, businesses establish a strong and transparent internal control over all of their financial reporting. A SOX audit is required for all public, private, in-country, and overseas businesses. A company will be asked to hire a third-party auditor and comply with the SOX guidelines. A business team’s responsibilities are to identify the company’s biggest priorities when dealing with financial risk. 

This act is 66 pages in total but has only a few very important sections that businesses can prepare for. The most important sections of this act are 302, 404, 409, and 802. 

SOX Section 302

Keeping executives in the loop on all business activities is the baseline of this section. CEOs and CFOs are required to personally vouch for their company’s financial standards. These two executives need to state that they have evaluated internal control over financial reporting (ICFR) within 90 days of certifying final financial results. The IT team’s role is then to deliver real-time reporting based on their internal controls. These controls must apply to the SOX guidelines. This usually requires automating tasks such as testing, evidence gathering, and even reporting on remediation efforts. These reports should be given to the auditor and management.

SOX Section 404

In this section, establishing the proper business controls to support all accurate financial reporting is crucial to a business’s livelihood. Many organizations don’t have the resources or time to perform a full SOX audit every year. Fortunately, they can outsource this burden by hiring an external auditor who will provide them with peace of mind that their financials are accurate and transparent while saving them from spending valuable man-hours on internal audits.

The IT team is an integral part of the company’s financial data management. The wide variety of tasks they undertake includes protecting information from unauthorized access, ensuring accuracy and completeness in all given information, and fixing bugs that have been identified by application testing or software integration verification, so that processes run smoothly and quickly with the maximum possible security for clients’ assets.

In order to ensure the accuracy and completeness of all given information, a business’s IT team is responsible for security measures. In the case of a SOX audit, this may involve testing software integration or performing automated process tests in an effort to prevent unauthorized access to asset-bearing accounts – which could be damaging both financially and logistically.

SOX Section 409

SOX section 409 ensures the timely disclosure of any information that could shift a public company’s financial performance. Certain events such as mergers and acquisitions, bankruptcy, or crippling data breaches will sometimes be the cause of this type of effect on companies’ stocks.

To avoid any major financial disruption, it is important for public companies to be sure they are in compliance with SOX. On the rare occasion that this does happen, there must be timely disclosure of information about what happened so shareholders know how best to handle their investments accordingly.

The IT team’s main and most important role is to support SOX compliance software. This software typically uses alert mechanisms, as well as quick ways of informing shareholders and regulators. These tools are used for timely disclosure requirements, in order to ensure the company stays on top of any changes or missteps with financial statements.

SOX Section 802

Paper and electronic records are often kept by small businesses today, but this is not always a safe decision. Spreadsheets on an end user’s computer, email messages, instant messages, and recorded calls discussing money or financial transactions should be carefully monitored for security purposes, as they must be preserved to provide auditors with the information needed during audits of your business finances.

The IT team’s role in SOX compliance regulations is to preserve records with internal backup processes and to make sure document management systems are operating properly. These processes may or may not include an archive of old email content, depending on the organization’s needs and technological capabilities. The professionals also have control over maintaining accessibility for these documents in the most modern ways.

How to Ensure a SOX Audit Goes Smoothly 

The Unified Compliance Framework (UCF) is the perfect way for IT teams to satisfy multiple regulations. With this framework in place, an organization can adopt a set of controls that will meet all compliance needs, no matter how strict they are. 

Documenting processes before they happen will save both time and money in the long run. If you’re ready for any audit, whether it be from your boss or an outside auditor, then the process is easy to document as well. Listed below are a few different frameworks that can be used when undergoing a SOX audit. 

COSO Framework

The Committee of Sponsoring Organizations of the Treadway Commission, known as COSO, has created a framework for building an effective internal control system. You can use their five components, directed leadership, shared values, and a culture that emphasizes accountability for control, as well as a risk-based approach, to help create your foundation for organizational controls by identifying and assessing risks at all levels, in order to prevent costly mistakes from happening again.

COBIT Framework

The COBIT framework is a valuable tool for organizations looking to create an internal control system. This comprehensive set of guidelines combines compliance with other requirements, such as SOX and technical issues that companies may have faced when implementing their corporate governance within IT teams. With the help of this guide, businesses are able to better understand how they can maximize the potential value gained from their IT team while also simplifying implementation for a successful enterprise-wide management policy.

Your team’s role in documenting and packaging the process, as well as supporting systems that minimize risk, is vital for SOX compliance. Preventing accounting oversights will help your company stay in line with industry standards by ensuring it stays compliant all year long.