The SOX Act refers to federal legislation in the United States that imposes stricter guarantees of the accuracy and transparency of corporate accounting processes and financial reporting with the goal of protecting investors. It was enacted in 2002 as a countermeasure to a succession of cases of improper corporate accounting.
The formal name of the SOX Act is the Public Company Accounting Reform and Investor Protection Act of 2002. Named after Senator Paul Sarbanes and Representative Michael G. Oxley, who were its main architects, the Act is commonly known as the Sarbanes-Oxley Act or, shortened to its initials, as the SOX Act. Simply put, the SOX Act obliges all companies listed on stock exchanges in the United States to be impartial in their accounting, and to accurately reflect the results in their financial statements. The following are three critical points in the Act.
- The management is required to address the issue of internal controls to facilitate accurate financial statements (Internal Control Reporting)
  - The Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) are required to prepare and evaluate valid internal controls for financial reporting, and to submit reports on the following three points in the annual financial statement:
    - That it is the responsibility of the executives to prepare and maintain internal controls for financial reporting;
    - The results of evaluating internal controls for financial reporting (at fiscal year end);
    - That the external auditor has issued an attestation (certificate) report.
- The management is required to attest to the fact that the financial statements for their company have been drawn up in the proper manner (Management Reporting)
  - With regard to the disclosure of financial statements, the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must personally sign a statement to the effect that the corporate financial reports have been accurately prepared, and submit such documents together with periodical reports, annual reports and quarterly reports to the U.S. Securities and Exchange Commission (SEC). In case of non-compliance, the following penalties apply.
    - For violation, fines up to $1,000,000 or up to 10 years’ imprisonment, or both;
    - For willful violation, fines up to $5,000,000 or up to 20 years’ imprisonment, or both.
- The company’s internal controls must be audited by an external auditor and an opinion must be obtained (Audits)
  - The external auditor must attest to (certify) management evaluation of the validity of internal controls for financial reporting. The COSO Framework drafted by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) shall be used as the audit evaluation standard.
The background to the enactment of the SOX Act is found in the improper accounting practices discovered in the late 1990s and early 2000s, including the Enron and WorldCom scandals. Large numbers of investors suffered losses in these and other similar cases, and the need arose for drastic reforms to the auditing system and the state of corporate governance.
Problems with the SOX Act have been identified, the main one being that the cost of complying with it is too high. The SOX Act applies to all corporations that are listed on the stock exchanges in the United States, but there are claims that perfectly healthy small and medium-sized corporations are put under strain by responding to it. After receiving indications of these problems, the SEC started to review a part of the SOX Act and released guidelines for easing the rules at the end of 2006.
The J-SOX Act
Influenced by the SOX Act, Japan is also developing regulatory reform for internal controls and preparing laws concerning financial reporting and accounting audits including the enactment of the Financial Instruments and Exchange Law and revisions to the Certified Public Accountant Law. The J-SOX Act refers to a collection of laws that is concerned with a series of internal regulations. Basically, much of the content conforms to the SOX Act.
The Relationship between the SOX Act and BPM
Introducing BPM is an effective way of dealing with the internal controls required under the SOX Act. With BPM, each business process is clearly defined, and there is accurate understanding of the people and information involved. It is possible to visualize the business process by modeling business flow and to clarify problems that occur. BPM is comprised of the five components of internal control proposed in the COSO Framework. Since BPM facilitates visualization by modeling the business processes, it also facilitates compliance with certificates and other "documentation" required under the SOX Act.