Has SOX Been Successful?

Sep 5th 2012
Share this content

Sometimes overlooked in the debate about SOX are the contributions it has made in generating a greater focus on improved corporate governance and stronger ethics and compliance programs. Needed improvement in audit quality is a continuing concern.

The Sarbanes-Oxley Act (SOX) of 2002 was enacted following a series of failures involving various functions designed to protect the interests of the investing public. Containing several highly controversial provisions, SOX created a total revision of the regulatory framework for the public accounting and auditing profession and provided guidance for strengthened corporate governance. It was considered to be the most far-reaching legislation affecting public corporations and their independent auditors since the 1930s.

SOX is widely credited for strengthening at least two major areas of investor protection: 

(1) CEO and CFO responsibility and accountability for all financial disclosures and related controls; and (2) increased professionalism and engagement on the part of corporate audit committees. Yet some continue to question its overall value, citing, as an example, its failure to prevent the situations that led to the financial crisis of 2008.

Section 404

One of the most controversial aspects of SOX Act is Section 404, which requires company management to provide assertions of effective internal control over financial reporting and for the company's independent audit firm to attest to those assertions.

Congress has been repeatedly pressured to ease this requirement, which it did with the Jumpstart Our Business Startups Act (JOBS Act), passed by Congress and signed by President Obama April 5, 2012. The JOBS Act contained a provision that eliminated the SOX Section 404 requirements for organizations that meet the definition of an emerging growth company.

Aside from requiring management's assertions and the auditor's attestation, SOX Section 404 also requires public companies to disclose whether or not they have adopted a code of ethics applicable to their senior financial officers. For companies listed on the New York Stock Exchange (NYSE), this requirement has been expanded to require listed companies to adopt and disclose on their websites a code of business conduct and ethics for directors, officers, and employees and to promptly disclose any waivers of the code for directors or executive officers. The NYSE also provides a list of topics that ethics codes should cover. NASDAQ has adopted similar requirements. All these requirements have significantly elevated the visibility of ethics and made a strong ethical culture a best practice for organizations of all sizes and types.

The significance of a strong ethical culture to organizational success has been the subject of many of my articles. An ethical culture makes it easier to attract the most qualified employees and minimizes the cost of employee turnover and retraining, which results in optimal productivity and higher profitability. The benefits of a strong social, environmental, and ethical reputation also resonate with a growing number of consumers who want to patronize such firms.

Audit Firm Performance

When evaluating the overall effectiveness of SOX, a vital consideration to make is whether the performance of independent auditors has improved over the last ten years. The importance of auditor performance is seen in the fact that the first subchapter of the act provides for a body "to oversee the audit of companies that are subject to the securities laws, and related matters, in order to protect the interests of investors and further the public interest in the preparation of informative, accurate, and independent audit reports." Whether the revised oversight structure adequately regulates public company auditors appears to be an open question even after so many years.

Since auditing became a distinct occupation many hundreds of years ago, auditors have functioned largely as self-regulating professionals. Prior to SOX, important decisions regulating the profession were made largely or exclusively by the auditing industry, its firms, and auditors themselves. These included:

  • Setting the bar for entry into practice.
  • Promulgating the auditing and ethical standards that auditors should employ.
  • Determining the quality of performance in using those audit standards.
  • Determining whether an auditor violated ethical standards
  • Disciplining those who failed to practice properly.

When SOX was enacted, the practice of public accounting was divided into audits of publicly held companies and all other entities. SOX established the Public Company Accounting Oversight Board (PCAOB), an independent body under the oversight of the US Securities and Exchange Commission (SEC). The PCAOB was given the mission to set and enforce practice standards for a new class of firms "registered" to audit publicly held companies. Standards for not-for-profit and governmental entities continue to be set by the industry itself.

An annual speech by the PCAOB chairman has been the only public evaluation of the quality of performance of audit firms. These reports have expressed only general comments, not comprehensive statistics. In 2011, PCAOB Chairman James Doty stated that PCAOB inspectors had reviewed more than 2,800 engagements of the largest audit firms and "discovered and analyzed hundreds of cases involving what they determined to be audit failures." An audit failure is a defined term describing the most serious deviations from proper practice.

In his 2012 report, Doty noted",Inspections continue to reveal an unacceptable level of deficiencies." He added that audit regulators around the world had "identified a gap between the purpose of the audit and its fulfillment" because of the possibility that "firms' cultures still impliedly encourage auditors to sell services to their audit clients and, if so, legal or illegal, whether such goals undermine the appropriate state of mind for auditors." These generalizations don't instill confidence in the users of professional auditing opinions.

The general requirement in SOX that all findings resulting from PCAOB inspections be held confidential hinders any analysis of perhaps the key measure of audit quality: audit failure. Public reports of annual inspections of specific audit firms contain no details of findings on individual clients. This protects the firm in case of actual or threatened litigation. The PCAOB does have the power to "unseal" portions of the confidential information if it finds that subsequent improvement efforts are "unsatisfactory concerning any particular criticism."

An example of a firm providing unrelated nonaudit services that could impair its independence involves Ernst & Young (E&Y) and the US Chamber of Commerce (USCC). A report by E&Y containing macroeconomic estimates of potential future changes in the US economy was sponsored by four industry organizations: the Independent Community Bankers of America, the National Federation of Independent Business, the S Corporation Association, and the USCC. These economic estimates were designed to show the possible detrimental effect on US jobs and investment by allowing the "top tax rates paid by business owners to rise sharply starting January 1 of next year." The results have been widely publicized by some industry and political lobbying groups, including several of the sponsoring organizations, though it isn't mentioned on the USCC website.

E&Y signed USCC's publicly available Form 990 not-for-profit tax return, which leads one to assume that E&Y is USCC's auditor. Yet in SEC Release 33-8183",expert services unrelated to the audit" is one of the nonaudit services considered likely to impair an accounting firm's independence if provided to an audit client. One could argue then that an engagement designed as an instrument to directly foster the USCC's mission "to advance human progress through an economic, political, and social system based on individual freedom, incentive, opportunity, and responsibility", which the E&Y report appears to be, falls within the scope of services prohibited by SOX for public company audits and is problematic for other clients.

In an unrelated case of audit failure, on February 8, 2012, the PCAOB announced the censure of E&Y and imposed a $2 million penalty for faulty audits of Medici Pharmaceutical Corporation for 2005, 2006, and 2007 financial statements, its largest civil money settlement to date. It also assessed censure sanctions on four E&Y partners for varying time periods. The respondents neither admitted nor denied the PCAOB findings and didn't consent to make the case public.

An analysis of firm performance reported in PCAOB firm inspections appearing in Between the Numbers showed a 20 percent rate of audit failure at E&Y for 2010, more than double the rate in the 2009 inspections. Compliance Week reported even higher audit failure rates at other large firms based on 2010 PCAOB inspections: 22 percent at KPMG, 39 percent at PricewaterhouseCoopers, and 45 percent at Deloitte. Presuming the sample of engagements selected by PCAOB inspectors for analysis is reasonably representative of all audit work performed by the firms, these statistics don't engender the confidence necessary for investors to trust the validity of financial information they are receiving.

SOX Enforcement

To be fair, a great deal of the effectiveness of SOX depends on the vigor to which it's enforced. Questions remain as to whether the SEC's and Department of Justices's enforcement of SOX has been sufficient. A July 30 article in The Wall Street Journal notes that SOX's "biggest hammer - the threat of jail time for corporate executives who knowingly certify inaccurate financial reports - is going largely unused."

Although SOX has been successful in increasing corporate focus on a strong ethical culture in publicly owned companies, there's room for improvement in audit firm performance as well as the PCAOB's process for assessing and reporting on it.


Replies (2)

Please login or register to join the discussion.

By Ron Baker
Jun 25th 2015 20:10 EDT

article. However, it doesn't deal with the 800-pound elephant in the elevator:
How can auditors be independent if they are paid by the companies they are
auditing? Can one be paid to be independent? SOX did not deal with this issue, our
profession refuses to even acknowledge the issue, and yet tackling it honestly
is the only way to reform the systemic problems facing the auditing industry.

First, why should the audit be a state-granted monopoly? Open it up and
let the free market innovate new solutions to attesting to the financial
performance and risk position of companies. The goal is to protect the public,
and there are myriad ways of accomplishing this objective, we don’t have to
suffer with a one-size-fits-all monopoly offering.

Insurance companies and banks could innovate new products, the stock
markets could also enter the fray, by hiring the auditors and thereby remove
the major conflict of interest.

Second, Sarbanes-Oxley. It is past time this overwrought piece of
regulation was challenged, since it was passed in haste, and its costs have far
exceeded its meager benefits, despite the claims made in the article. Not only
would SOX not have prevented Enron, WorldCom, etc., it punishes the very people
it is designed to protect—shareholders—by imposing regulatory burdens that
reduce profitability and stock values. Further, it rewarded, with over $1
billion worth of regulatory revenue, the very profession—auditors—that played a
part in the failure of Enron, etc.

Without doubt, After
Enron: Lessons for Public Policy, is the best book written so far on
why Enron happened and the public policy implications for this and other
accounting scandals.

The editor, the late William Niskanen, was a former acting chairman of
President Reagan’s Council of Economics advisor and was chairman at the Cato
Institute since 1985.

This book is the only one I’ve read that offers meaningful ideas on
accounting and auditing reforms, such as the innovative idea of having the
stock exchanges select which accounting standards its companies should be
required to follow, as well as paying the auditors itself in order to remove
the ultimate conflict that exists between auditors and their clients––the fact
they are being paid by the very companies they are hired to audit. This would
force competition into the promulgation of accounting standards as different
exchanges would select different standards, a salutary idea.

This book is very deep, grounded in solid economic theory, and,
unfortunately––but not surprising––I’ve never seen anyone in the mainstream
accounting press mention any of the ideas it contains.

For true accounting and auditing reform, we must
look to the think tanks, not the universities, government, or the regulatory

Nothing focuses an individual, a
company, or an industry like unregulated competition. Let us begin to innovate
and create a better tomorrow by offering a new financial reporting model to the
public and throw off the shackles of a regulated attest monopoly, and put
ourselves to the ultimate test––providing value in a free, unfettered
marketplace, while serving the interests of the public we are privileged to

Thanks (0)
By Soc
Jun 25th 2015 20:12 EDT - see a good website on SOX

Thanks (0)