Before and after Sarbanes-Oxley - learning to live with change
Less than two months after a jury found Arthur Andersen guilty of "corrupt persuasion" of others to withhold documents in the Enron investigation, Congress passed the Sarbanes-Oxley Act of 2002 (SOX), legislation designed to address the shock and anger in the country over the bankruptcies of WorldCom and Global Crossing, also clients of Arthur Andersen, and other business and accounting scandals.
The goals of SOX were to enhance the transparency of financial information, reaffirm auditor independence, and define corporate governance – the responsibilities of corporate boards and audit committees. Accountants gained prominence and respect as guardians of investors and thousands of young people were drawn to the profession to fill the many new jobs that were created as a result of the law.
The most sweeping securities law since the Securities and Exchange Commission (SEC) was established in 1933 and the enactment of the Securities Exchange Act of 1934, SOX mandated specific SEC oversight and changed the self-regulatory, peer review environment in which accounting firms had operated. It mandated that the SEC set up the Public Companies Accounting Oversight Board (PCAOB) which would "establish auditing and related attestation, quality control, ethics, and independence standards and rules to be used by registered public accounting firms in the preparation and issuance of audit reports."
The PCAOB conducts annual inspections of firms that audit more than 100 issuers and firms that provide audit reports for fewer issuers at least every three years. Their reports are anxiously awaited by accounting firms and are widely read and discussed in the media.
Preparing for a PCAOB inspection became so detailed and expensive for many companies that the Board issued Auditing Standard No. 5 in 2007, which replaced Auditing Standard No. 2 to make the whole process less burdensome for everyone. Documenting internal control involved a thorough review of systems and also meant additional employment opportunities for Information Technology professionals.
SOX also addresses corporate governance and executive fiduciary responsibility, such as loans to officers and directors, management oversight, director due diligence, and executive compensation. It requires that CEOs and CFOs certify reports delivered to the SEC and documentation of internal controls for information presented on the balance sheets and income statements of their companies.
Firms that once focused on being the "sole provider" of services, including consulting and tax services, have learned to market specialty practices to non-audit clients. SOX listed nine activities that the auditor might not perform for a client and said further that an accounting firm [is allowed] to "engage in any non-audit service, including tax services," that is not listed above, only if the activity is pre-approved by the audit committee of the issuer."
Language in Section 401 that deals with enhanced disclosure seems to anticipate the current financial crisis. "Each annual and quarterly financial report . . . shall disclose all material off-balance sheet transactions" and "other relationships" with "unconsolidated entities" that may have a material current or future effect on the financial condition of the issuer.
SOX extended the statute of limitations on securities fraud. Auditors are required under the law to maintain "all audit or review work papers" for five years and employees of issuers and accounting firms are extended "whistleblower protection." Forensic accounting is a growing specialty in the accounting profession.
In June, the SEC agreed to provide small businesses with an additional one-year extension to comply with the Sarbanes-Oxley Section 404(b) auditor attestation requirements. Senator Olympia Snowe, a member of the Senate Committee on Small Business, applauded the decision but asked for further study. "I am also pleased that the SEC will complete a study on the costs and benefits of applying the law to small businesses. The SEC should refrain from implementing any new regulations until such an evaluation is complete."
The influence of SOX has extended to private companies and to nonprofits. Private companies adopted Sarbanes-Oxley provisions either primarily as a "best business practice" or because they were hoping to go public or have hopes of being bought by a public company. These companies have to think ahead to get their internal controls in place, which can take two years by some estimates, the Sacramento Business Journal reports.
Although it does not apply to nonprofits, SOX is serving as a model for higher education and laws that affect nonprofit governance, University Business reports. In 2004 California's legislature passed SB 1262, the Nonprofit Integrity Act, which requires nonprofits with more than $2 million in revenue, chartered or doing business in the state, to have an annual audit and an independent audit committee on the board.
Other nonprofits have adopted governance provisions of Sarbanes as a best practice. A greater emphasis on accountability and transparency followed some of the problems the larger organizations faced after Hurricane Katrina. "We're heavily reliant on donors to entrust us with the good stewardship of their resources," Jeff Amburgey, vice president of finance at Berea College (KY) told University Business. So the staff and board members at Berea College try to stay in front of governance issues.
Citing the cost of compliance among other things. various groups and individuals have called for the repeal of Sarbanes, challenging the law in the courts. Beckstead & Watts, a small accounting firm in Henderson, Nevada is currently challenging the PCAOB in the appeals court of the District of Columbia. But overall, the calls for repeal seem to have muted, and the law, written in such haste, seems destined to remain in force for some time.