Sarbanes-Oxley (SOX) Act of 2002

What Is the Sarbanes-Oxley (SOX) Act of 2002?

The Sarbanes-Oxley Act of 2002 is a law the U.S. Congress passed on July 30 of that year to help protect investors from fraudulent financial reporting by corporations. Also known as the SOX Act of 2002 and the Corporate Responsibility Act of 2002, it mandated strict reforms to existing securities regulations and imposed tough new penalties on lawbreakers.

The Sarbanes-Oxley Act of 2002 came in response to financial scandals in the early 2000s involving publicly traded companies such as Enron Corporation, Tyco International plc, and WorldCom. The high-profile frauds shook investor confidence in the trustworthiness of corporate financial statements and led many to demand an overhaul of decades-old regulatory standards.

The act took its name from its two sponsors — Sen. Paul S. Sarbanes (D-Md.) and Rep. Michael G. Oxley (R-Ohio).

The Sarbanes-Oxley (SOX) Act of 2002 came in response to highly publicized corporate financial scandals earlier that decade.
The act created strict new rules for accountants, auditors, and corporate officers and imposed more stringent recordkeeping requirements.
The act also added new criminal penalties for violating securities laws.

Understanding the Sarbanes-Oxley (SOX) Act

The rules and enforcement policies outlined in the Sarbanes-Oxley Act of 2002 amended or supplemented existing laws dealing with securities regulation, including the Securities Exchange Act of 1934 and other laws enforced by the Securities and Exchange Commission (SEC). The new law set out reforms and additions in four principal areas:

  1. Corporate responsibility
  2. Increased criminal punishment
  3. Accounting regulation
  4. New protections

Major Provisions of the Sarbanes-Oxley (SOX) Act of 2002

The Sarbanes-Oxley Act of 2002 is a complex and lengthy piece of legislation. Three of its key provisions are commonly referred to by their section numbers: Section 302, Section 404, and Section 802.

Because of the Sarbanes-Oxley Act of 2002, corporate officers who knowingly certify false financial statements can go to prison.

Section 302 of the SOX Act of 2002 mandates that senior corporate officers personally certify in writing that the company's financial statements "comply with SEC disclosure requirements and fairly present in all material aspects the operations and financial condition of the issuer." Officers who sign off on financial statements that they know to be inaccurate are subject to criminal penalties, including prison terms.

Section 404 of the SOX Act of 2002 requires that management and auditors establish internal controls and reporting methods to ensure the adequacy of those controls. Some critics of the law have complained that the requirements in Section 404 can have a negative impact on publicly traded companies because it's often expensive to establish and maintain the necessary internal controls.

Section 802 of the SOX Act of 2002 contains the three rules that affect recordkeeping. The first deals with destruction and falsification of records. The second strictly defines the retention period for storing records. The third rule outlines the specific business records that companies need to store, which include electronic communications.

Besides the financial side of a business, such as audits, accuracy, and controls, the SOX Act of 2002 also outlines requirements for information technology (IT) departments regarding electronic records. The act does not specify a set of business practices in this regard but instead defines which company records need to be kept on file and for how long. The standards outlined in the SOX Act of 2002 do not specify how a business should store its records, just that it's the company IT department's responsibility to store them.
