Sarbanes-Oxley: 15 years of successes and challenges
In the wake of a variety of accounting scandals that cost investors billions of dollars, the Sarbanes-Oxley Act was introduced in 2002 to provide assurance about the accuracy and completeness of financial statements.
The intent of the regulation was to prevent the collapse of equities and restore investors’ confidence in the markets.
While a perfect world is unachievable, 15 years later, investor confidence has certainly made great progress, and the governance landscape has been reshaped significantly. But the positive impact of SOX has extended beyond its initial goals, and it should continue to be relevant as it evolves to encompass new developments.
When first introduced, SOX was seen as a huge and burdensome exercise for public companies of all sizes. Businesses had little knowledge of it and often had to spend much money and manpower to get it implemented. Not only that, but it also required many people to oversee the process as companies tended to ensure that they were over-compliant. The significant costs and complex regulations made SOX the bane of many corporations.
Fast forward to now. SOX has allowed a more efficient and streamlined approach that focuses on areas of real risk rather than a catch-all approach. Companies that have put sufficient resources and effort into designing strong SOX programs have clearly understood the benefits that SOX brings beyond compliance. The acceptance that Sarbanes-Oxley was here to stay allowed its internal control environments to become the norm within organizations.
Changed corporate behavior
SOX forces companies to be disciplined and helps businesses reduce the number of mistakes they would make otherwise. As a result, according to an annual report done by Audit Analytics, the number of restatements noted in 2016, at 671, was the lowest in a decade. In 2015, 765 companies told investors a restatement was needed. SOX also strengthens the roles and responsibilities of audit committees to allow them to continue to hone their capabilities and enhance their financial reporting, creates specific communication of the review delivered throughout the company and provides the internal audit team with a prime opportunity to become one of the cornerstones of business.
Furthermore, the SOX guidelines protect whistleblowers from retaliatory actions and prevent potentially expensive lawsuits and government fines. A fully transparent disclosure process is a key part of SOX, and this has created stronger companies.
Under the requirements of SOX, public companies are obligated internally to perform extensive control tests; and externally, they are instructed to disclose any material off-balance sheet arrangements. Also, top managers have to personally certify the accuracy of the financial reports. SOX also requires all board members to be evaluated to be financially literate and competent, which enhances the credibility of the company in attracting investors.
Despite all the benefits that SOX brings to businesses, there remain new emerging and ongoing challenges of which audit executives and leaders need to stay abreast.
Cybersecurity is something that historically was not part of the standards of what to look at when SOX was first enacted, but with the widely increased adoption of cloud computing, cyber security has become one of the major concerns among companies.
Time devoted to SOX compliance activities continues to increase as the disclosure requirements evolve. This is especially the case for companies that have a great number of locations, which call for greater control counts, and ultimately contribute to the rising number of hours. The time factor leads to a large number of public companies now outsourcing or co-sourcing their SOX compliance work.
Cost efficiency is something that businesses are still looking for today when practicing SOX compliance activities. Since the Securities and Exchange Commission approved Auditing Standard No. 7 in 2009, accounting firms performing audits and interim reviews of financial information for public companies had to plan to commit more resources, which meant it expanded what SOX had to cover previously, and ultimately increased the cost.
Even though SOX brings new challenges and some headaches to companies, it has contributed far more to corporate excellence through more robust internal controls for financial reporting, increased investor confidence and a greater appreciation for discipline, transparency and management responsibility.