Sarbanes Oxley


Sarbanes Oxley



by David Barth, written 2004



Preface
Historically in the US, a few corporation chief officers have acted contrary to the public good. One example is Standard Oil during the early 20th century, which used predatory tactics to drive out competing gas stations in an area and then use its monopolistic position to increase prices beyond what was considered reasonable. Such activities are considered unfair, and at that time antimonopoly legislation was passed by the federal government to prevent such practices.

There have been violations in accounting practices in the past. For example, in the late 1980s, to maintain its sales level and support the its stock price, a disk drive company in Longmont, Colorado, shipped bricks instead of drives, and reported brick shipments as disk drive sales. Although this company was forced out of business, the number of stockholders and employees who were adversely affected was not large enough to result in legislation to effectively stop this sort of practice.

More recently, in the early 21st century, following a correction in the equity markets, several large companies actually "cooked the books" to support their stock price. Although the use of false accounting practices to enhance a company's financial situation is centuries old, it had never been done in such a large scale, and it had never hurt so many employees and stockholders.

Thousands of employees of WorldCom, Enron, Arthur Andersen, and other companies lost their pensions, their 401K accounts, and their jobs. Stockholders in these companies found that the share price had been artificially inflated, resulting in a sudden, catastrophic drop in stock price when the facts of malfeasance were discovered.

The general public assumed that a corporation's accounting firm would prevent false accounting activities, but in some companies, the accounting firm's personnel "looked the other way" to allow poor accounting practices to continue. As a result, one of the world's largest accounting firms, Arthur Andersen, was forced out of business due to the collapse of its image and because legal actions to recover damages would have cost the company billions of dollars, much more than its net worth.

Congress Acts
The public outcry over this situation was significant. Two Congressmen, Senator Paul Sarbanes and Representative Michael Oxley, helped write what became known as The Sarbanes-Oxley Act (SOA) of 2002. This act is significant in that it applies to all US public companies, large and small. The penalties for non-compliance for both the company and its accounting firm are significant. Corporate Avoidance of Responsibility
In the past, a corporate head could sometimes force false accounting to be done with the unwritten consent of its accounting firm. Although the company's stockholders and employees eventually would suffer, the corporate leaders could walk away with significant sums of money and little or no penalty. The company's accounting firm could claim innocence and continue to operate with little or no prejudice. SOA changed all that. Jail time and severe financial penalties face any persons, in both the company and its accounting firm, who are found to be involved in false reporting.

Public, US companies cannot bypass SOA reporting requirements by incorporating outside the US or by transferring their activities outside the US. The only way a company can avoid SOA mandates is to not be under jurisdiction of the US Securities and Exchange Commission (SEC).

SOA Requirements
SOA consists of eleven titles that provide compliance guidance. Each year companies must submit Form 10-K to the SEC. The form is created by the company and its accounting firm's auditors. The form must report that the company and its independent auditors did not identify any "material weaknesses" and that the company's internal control over financial reporting is "effective." All persons who are involved with affirmation of this situation are liable if at any time in the future, the information on the form is found to have been false or misleading.

SOA requires the testing and documentation of accounting processes. The documentation cannot be created and then filed and forgotten. It must be kept up-to-date as a company evolves, and it must be made available for day-to-day business efforts. In a sense, it is a living document meant to reflect the actual company financial reality and show that the company demonstrates due diligence.

The process, as defined by SOA, requires involvement by all company business unit accounting personnel, and may require additional support by technical writers for quality documentation.

Sections of SOA
The following SOA sections provide compliance information: 302, 401, 404, 409, and 802. In addition, establishment of a computer network security policy is an important aspect of meeting SOA requirements. A summary of these sections is provided below:

Title III, Section 302, Corporate Responsibility for Financial Reports
The company must show that:
  • Company officers have reviewed and signed the financial reports
  • The reports are true, do not contain omissions, and are not misleading
  • The financial reports are a true picture of the company's financial condition
  • Company officers have evaluated the internal controls and reported on them within the past ninety days
  • Any internal control deficiencies are listed
  • Information on fraud related to any employees who are involved with internal controls is provided
  • Significant changes to internal controls are described
  • Any factors that could negatively impact internal controls are described
Title IV, Section 401, Disclosures in Periodic Reports
The company must show that:
  • Financial reports are accurate
  • Financial reports include all off-balance sheet liabilities, obligations, and transactions
The SEC must:
  • Study and report on off-balance sheet transactions
  • Determine if generally accepted accounting principles and other regulations have resulted in quality financial reports
Title IV, Section 404, Management Assessment of Internal Controls
The company must show that:
  • Describe the scope, adequacy, effectiveness, and procedures of its internal controls and financial reports in the annual report to stockholders.
The company's accounting firm shall:
  • Attest to the scope, adequacy, effectiveness, and procedures of the company's internal controls and financial reports in the annual report to stockholders
Title IV, Section 409, Real Time Issuer Disclosures
The company shall:
  • In a timely manner, disclose to the public in easy-to-understand verbiage, any changes to the company's financial condition
Title VIII, Section 802, Criminal Penalties for Altering Documents
Penalties may include:
  • Monetary fines and/or up to twenty (20) years imprisonment for negatively impacting financial reporting documents with intent to obstruct a legal investigation
  • Monetary fines and/or up to ten (10) years imprisonment for anyone who willfully ignores the reporting and audit requirements

SOA Compliance Kits
Many vendors have developed SOA compliance information for sale to companies that need SOA guidance. A web-search will identify them.