All about SOX Compliance

CA. Ramya U R, Last updated: 26 October 2023


Background

SOX is a United States federal law enacted on July 30, 2002. The act was named for its sponsors: U.S. Sen. Paul Sarbanes (D-Md.) and U.S. Rep. Michael Oxley (R-Ohio).

It mandates and improves corporate responsibility and financial disclosure, combats corporate and accounting fraud, and restores investor confidence.

SOX:

  • established the Public Company Accounting Oversight Board (PCAOB),
  • strengthened penalties for corporate fraud,
  • established certain internal control requirements for management, and
  • established certain requirements for independent auditors to attest to management’s assessment of internal controls.

Reason for the birth of the SOX Act

Below are the cases that led the US to believe it needed the SOX Act:

  1. The energy firm Enron Corporation was considered one of the largest, most successful, and innovative companies in the United States. Around 2000, Enron unraveled in less than two years as both the company's fraudulent practices and its executives' criminal activities came to light. Enron’s leadership fooled regulators with fake holdings and off-the-books accounting practices. Enron used special purpose vehicles or special purpose entities to hide its mountain of debt and toxic assets from investors and creditors.
  2. The telecommunications giant WorldCom became embroiled in scandal as its own fraudulent accounting practices made the news. It was in financial trouble and used questionable accounting techniques to hide its losses from investors and others. It inflated net income and cash flow by recording expenses as investments. By capitalizing expenses, it exaggerated profits by $3.8 billion in 2001 and $797 million in the first quarter of 2002, reporting a profit of $1.4 billion instead of a net loss. After filing for bankruptcy in 2002, the company was hit with a $750 million SEC fine. Its chief executive officer (CEO) was sentenced to 25 years in prison and the chief financial officer (CFO) received a five-year jail sentence as a result of criminal charges in the case.
  3. The security systems company Tyco International's financial scandal also preceded the Act. The company's former CEO and CFO were convicted of stealing hundreds of millions of dollars from the company, falsifying business records and violating other business laws by commingling of assets (mixing of personal assets and company assets).

Applicability of Act

  1. All public companies
  2. Private companies that are going for IPOs, and Special Purpose Acquisition Companies (listed on a stock exchange with the purpose of acquiring a private company, thus making the private company public without going through the initial public offering process)
  3. Foreign companies that are publicly traded and do business in the United States.
 

Important sections

1. Section 302 "Corporate Responsibility for Financial Reports"

Signing officers (CEO and CFO) must make specific certifications at the end of each quarterly and annual reporting period. The certifications cover the following:

  • The report contains no untrue statements
  • The report is fairly presented in all material respects
  • Responsibility for design and maintenance of disclosure controls and procedures as well as internal controls over financial reporting
  • Not based on a specific criterion (approach based on risk).

2. Section 404 "Management Assessment of Internal Controls"

a) Annual assessment of internal control over financial reporting (ICFR) by management, using a suitable control framework.

  • Accept responsibility for establishing and maintaining ICFR.
  • Prepare written assessment about the effectiveness of ICFR as of the end of the fiscal year.

b) Internal control evaluation and reporting: The independent auditor is to issue a report on the effectiveness of the company’s ICFR (management is required to file the registered public accounting firm's report as part of the annual report).

Non-compliance with the SOX Act

Criminal penalties stated under section 906.

| Sl. no. | Non-compliance | Penalties |
|---|---|---|
| 1 | Knowingly submitting a report that does not meet requirements | $1 million or serve up to ten years in prison |
| 2 | Willfully certifying a report that does not meet requirements | $5 million or serve up to 20 years in prison |
| 3 | Companies that fail to comply | Delisted from the public stock exchange |

PCAOB relevant standard for auditors

AS 2110: For obtaining an understanding of ICFR.

1. The auditor should obtain a sufficient understanding of each component of ICFR to

  • Identify the types of potential misstatements,
  • Assess the factors that affect the risks of material misstatement, and
  • Design further audit procedures.

2. The nature, timing, and extent of procedures that are necessary to obtain an understanding of internal control depend on:

  • The size and complexity of the company
  • The auditor's existing knowledge of the company's ICFR
  • The nature of the company's controls, including the company's use of IT
  • The nature and extent of changes in systems and operations and
  • The nature of the company's documentation of its ICFR.


3. Obtaining an understanding of internal control includes evaluating the design of controls. Procedures to obtain evidence about the design effectiveness of controls are

  • Inquiry
  • Observation
  • Inspection
  • Walkthroughs

4. ICFR can be described as consisting of the following components (internal control framework)

  • Control environment
  • Risk assessment process
  • Information and communication
  • Control activities and
  • Monitoring

FAQ

Question: Is SOX applicable in India?

Answer: Yes, if the Indian company is listed and traded in the US market. If not, "Clause 49" of the listing agreement applies; it came into effect from 31st December 2005 and is mandatory for all listed companies. It requires the CEO or CFO to certify acceptance of responsibility for establishing and maintaining ICFR.

Category: Corporate Law