Sarbanes-Oxley Act

Joshua Harold
Ryan Stoeckel
Wayne Tse
 What is Sarbanes-Oxley ?
 Drafted by Sen. Paul Sarbanes and Rep. Michael Oxley
 Signed into law 7/30/02
 A reaction to high-profile corporate fraud cases
 Enron
 WorldCom
 Intended to prevent similar situations by
 Creating and strengthening corporate controls
 Requiring enhanced financial disclosures
 Creating new standards for corporate accountability
 Creating new penalties for acts of wrongdoing
 The Objective
 “To protect investors by improving the accuracy and
reliability of corporate disclosures made pursuant to
the securities laws.”

 “To deter and punish corporate and accounting fraud

and corruption, ensure justice for wrongdoers, and
protect the interests of workers and shareholders.”
 Wall of Shame

 12/2001 – Enron

 6/2002 – Arthur Andersen

and WorldCom

 1/2002 Global Crossing

 12/2004 Kmart and Tyco

 The Big Three
Enron WorldCom Tyco
 Spurred corporate  Fueled the flames  Corporate
gov. movement corruption
 Led to Sarbox
 Led to Sarbox  Accounting fraud
 Accounting fraud
 Corporate greed  Misuse of funds by
(insider trading)  Wall Street top execs.
involvement
 Accounting fraud  Federal indictment
($600 million)  Federal indictment
 Kozlowski and
 Bad Corporate  Ebbers found Swartz found guilty
Governance guilty

 Criminal trial
 Sarbanes Oxley Act
 Enacted July 30, 2002 (nine months after first
announcement of Enron problems)
 Applicable to “Issuers” as defined in the SEC
Act of 1934 (approximately15,000 public
companies)
– Companies required to file periodic reports with the
SEC
– Companies with more than $1,000,000 in total assets
and at least 500 shareholders
– Companies who have registered securities with the
SEC
– Companies that are “in registration”
 Sarbanes Oxley Act
 Creates the Public Company Accounting
Oversight Board or PCAOB, funded by
accounting firms and registrants
 Revises corporate governance standards
 Adds new disclosure requirements
 Creates new federal crimes related to fraud
 Significantly increases criminal penalties for
violations of the securities laws
 Organization of the Act –
Eleven Titles, Numerous Sections

 Title I – Public Company Accounting  Title VII – Studies and Reports

Oversight Board
 Title VIII – Corporate and
 Title II – Auditor Independence Criminal Fraud Accountability
 Title III – Corporate Responsibility
 Title IX – White-Collar Crime
Penalty Enhancements
 Title IV – Enhanced Financial
Disclosures
 Title X – Corporate Tax Returns
 Title V – Analyst Conflicts of Interest
 Title XI – Corporate Fraud and
 Title VI – Commission Resources and Accountability
Authority
 TITLE I – PUBLIC COMPANY
ACCOUNTING OVERSIGHT BOARD
 Creation of the Public Company Oversight Board (the
Board)
 Created as a non-profit organization, the Board will oversee audits of
public companies; it is under the authority of the SEC but above
other professional accounting organizations such as the AICPA
 The Board is comprised of 5 members (appointees), with a maximum
of two CPA’s
 Among its duties are registering existing public accounting firms
which prepare audits for publicly traded companies (issuers),
reviewing registered public accounting firms (auditing the auditors),
establishing and amending rules and standards (in cooperation with
other standard setters), and in the event of non-compliance by
registered public accounting firms, to try such firms (and/or any
related associate(s)) and penalize
 TITLE II – AUDITOR
INDEPENDENCE
 Prohibits registered public accounting firms (RPAFs) who audit an issuer from
performing specific non-audit services for that issuer, including but not limited to:
bookkeeping, financial information systems design, appraisal services, actuarial
services, internal audit outsourcing services, management/human resource
functions, broker/dealer, legal/expert services outside the scope of the audit
 In addition to these limitations, audit functions and all other non-audit functions
provided to the audit client must be pre-approved by the Board (such as tax
services)
 Audit Partner rotation – Lead partner on 5 years, off 5 years; other partners on 7
years, off 2
 RPAFs performing audits to issuers must report to issuer’s audit committees about:
(1) critical accounting policies to be used in the audit, (2) any written
communication with management, and (3) any deviations from GAAP in financial
reporting
 TITLE II (cont.)
 A conflict of interest arises and an RPAF may not perform
audit services for any issuer employing – in the capacity of
CEO, controller, CFO or any other equivalent title – a former
audit engagement team member – there is a “cooling-off
period” for one year
 i.e., an employee of an RPAF who works on an audit of an issuer may
not turn around and directly go to work for that issuer – they must wait
one year
 Currently under investigation is the possibility of mandatory
rotations of audit clients among registered public accounting
firms
 TITLE III – CORPORATE
RESPONSIBILITY
 Audit Committee (committees est. by the board of a company for the
purpose of overseeing financial reporting) Independence
 Establishes minimum independence standards for audit committees
 Independence of the audit committee crucial in that it must (1) oversee and
compensate RPAF to perform audit, and (2) establish procedures for addressing
complaints by the issuer regarding accounting, internal control, etc. (this lays the
foundation for anonymous whistleblowing)
 CEOs and CFOs must certify in any periodic report the truthfulness and
accurateness of that report – creates liability
 Under certain conditions of re-statement of financials due to material non-
compliance, CEOs and CFOs will be required to forfeit certain bonuses and
profits paid to them as a result of material mis-information
 TITLE IV – ENHANCED
FINANCIAL DISCLOSURES
 Issuers must disclose “off-balance sheet transactions” in periodic reports
 No issuer shall make, extend, modify or renew any personal loan to CEOs, CFOs (limited
exceptions include company credit cards)
 Annual reports will contain internal control reports which state the responsibility of
management for establishing such controls and their assessment of the effectiveness of such
controls – which must be attested to by the auditor
 In periodic reports filed, the issuer must disclose its code of ethics for senior financial
officers, and if the issuer has not adopted such a policy, must disclose why not
 Issuer must disclose whether or not its audit committee is comprised of at least one financial
expert, and if not, why
 Member considered financial expert if they have an understanding of GAAP, experience in
preparing/auditing financials, experience with internal controls, and an understanding of audit
committee functions
 SEC must review disclosures (in financials) made by any issuer at least once every three years
(similar to Board review of registered public accounting firms)
 Issuers must disclose in real time any additional information concerning material changes in
the financial condition or operations of the issuer
 TITLE V – ANALYST
CONFLICTS OF INTEREST
 National Securities Exchanges and registered
securities associations must adopt rules
designed to address conflicts of interest that
can arise when securities analysts recommend
securities in research reports
 To improve objectivity of research and provide
investors with useful and reliable information
 TITLE VI – COMMISSION
RESOURCES AND AUTHORITY
 Increase 2003 appropriations for the SEC to $780 million, $98
million to be used to hire an additional 200 employees for
enhanced oversight of auditors and audit services
 SEC will establish rules setting minimum standards for
profession conduct for attorneys practicing before it
 SEC to conduct investigations of any security professional
who has violated a security law
 May censure, temporarily bar or deny right to practice
 TITLE VII – STUDIES AND
REPORTS
 The Comptroller General of the US shall conduct a study regarding the
consolidation of public accounting firms (e.g. Coopers & Lybrand/Price
Waterhouse combine to become PriceWaterhouseCoopers;
ToucheRoss/DeloitteHaskins merge to become Deloitte & Touche) since 1989,
analyze the past, present and future impact of the consolidations, and create
solutions to problems discovered caused by such consolidations
 The Comptroller General and/or SEC will also explore such issues as (1) the role
and function of credit rating agencies in the operation of the securities market, (2)
the number of securities professionals (public accountants, investment bankers,
attorneys) who have been found to have aided and abetted a violation of securities
law and who have not been disciplined, (3) all enforcement actions by the SEC
regarding re-statements, violations of reporting requirements, etc., for the five year
period prior to the date the Act is passed, and (4) whether investment banks and
financial advisers assisted public companies in manipulating their earnings
(specifically Enron and WorldCom)
 TITLE VIII – CORPORATE
AND CRIMINAL FRAUD

ACCOUNTABILITY
To knowingly destroy, create, manipulate documents and/or
impede or obstruct federal investigations is considered felony,
and violators will be subject to fines or up to 20 years
imprisonment, or both
 All audit report or related workpapers must be kept by the
auditor for at least 5 years
 Whistleblower protection – employees of either public
companies or public accounting firms are protected from
employers taking actions against them, and are granted certain
fees and awards (such as Attorney fees)
 TITLE IX – WHITE-COLLAR
CRIME PENALTY

ENHANCEMENTS
Financial statements filed with the SEC by any public
company must be certified by CEOs and CFOs; all financials
must fairly present the true condition of the issuer and comply
with SEC regulations
 Violations will result in fines less than or equal to $5 million and /or a
maximum of 20 years imprisonment
 Mail fraud/wire fraud convictions carry 20 year sentences
(previously 5 year sentences)
 Anyone convicted of securities fraud may be banned by SEC
from holding officer/director positions in public companies
 TITLE X – CORPORATE TAX
RETURNS
 Federal income tax returns must be signed by
the CEO of an issuer
 TITLE XI – CORPORATE
FRAUD ACCOUNTABILITY
 Destroying or altering a document or record with the intent to
impair the object’s integrity for the intended use in a securities
violation proceeding, or otherwise obstructing that proceeding,
will be subject to a fine and/or up to 20 years imprisonment
 The SEC has the authority to freeze payments to any
individual involved in an investigation of a possible security
violation
 Any retaliatory act against whistleblowers or other informants
is subject to fine and/or 10 year imprisonment
 Key Sections
Section 302

 The CEO and CFO of each  Places responsibility for

issuer must prepare a internal controls directly on
statement to accompany the
audit report to certify the the financial officers.
‘appropriateness of the
financial statements and
disclosures contained in the
 Prior to the SOX Act, no
periodic report, and that those US company had a system
financial statements and of controls in place that
disclosures fairly present, in all would completely satisfy
material respects, the Section 302.
operations and financial
conditions of the issuer.
 Key Sections (cont.)
Section 404
 Requires each annual report of an issuer to contain an “internal control
report”, which shall:
 State the responsibility of management for establishing and
maintaining an adequate internal control structure and procedures for
financial reporting.
 Contain an assessment (yearly) of the effectiveness of the internal
control structure and procedures of the issuer for financial reporting.

 The most expensive and time-consuming Section of the SOX

Act.
 Who the Act Applies To
 All public companies in
the U.S.
 International companies
that have registered
equity or debt securities
with the SEC
 Plus the accounting
firms that provide
auditing services to
them.
 Costs of Sarbanes-Oxley
 In 2005
 $5.8 billion spent to comply up 5% from 2004

 AIG has spent about $300 million per year to

comply
 Section 404
 The costliest section
 Requires assertions on effectiveness of internal
controls over financial reporting
 What are Internal Controls?
 Safeguards that a company uses to monitor those who
make financial decisions
 Preventing employees from inflating travel expenses
 The process Dell uses to decide when a customer won’t pay
a bill and needs to take a write-off
 Documentation of control procedures related to IT
 Why is 404 so Expensive?
 The more complex the company the more controls are
needed
 SOX requires companies to dig deep and examine the
effectiveness of their controls
 Companies must set up independent audit committees
 Very time consuming and a drain on manpower
  An average of 70,000 man hours for large firms
 Then an external auditor must attest that it has been
done adequately
 And those auditors cannot do any other non-audit work
for the company
 How Expensive is 404?
Direct Costs
 Accounting and Audit Fees
 To manage this cost many companies are either outsourcing or
co-sourcing a number of audit functions

Large Companies (> Small Companies (<

$5 billion) $25 million)

Overall Costs $4.6 million $2 million

Internal Work 35,000 hours 1,150 hours

External Work 6,200 850

 How Expensive is 404?
Direct Costs (cont.)
 Boards of Directors and Audit Committees
 Boards and Audit Committees have increased the time spent
on corporate governance since the passage of the Act
 Directors are expected to have more input on company issues
 Personal liability insurance and consulting and legal fees have
risen
 31% of audit committees have hired outside advisors
 44% plan to do so in the next year
 Is It Worth the Cost?
 One company spent $1.2 million on controls
and found an employee who had stolen $5,000

 Companies have always accepted controls that

weren’t perfect
 Benefits
 Costs are “tangible, quantifiable, and immediate”
 Benefits are “intangible, harder to quantify, and long term”
 Michael Oxley: “How can you measure the value of knowing
that company books are sounder than they were before?”
 Paul Sarbanes: “It’s an investment for the future”
 Critics say that the companies are unearthing inefficiencies
 T/R Systems has begun to write off old inventory sooner to
comply with the law
 At an April meeting at the SEC it was said that the Act had a
“chilling” effect on the relationship between managers and
auditors
 Enron and Arthur Andersen
 Companies are Still Adjusting
 Inconsistency in future compliance costs
 Steelcase ($2.6 billion) and ACS ($3.8 billion)
required 20,000 hours to comply
 Dell ($35 billion) required 5,000 hours
 Mid-sized companies estimate costs from $10,000 to
$1 million
 Large companies estimate costs from $1 million to
$5 million. Some as high as $10 million!
 Other Effects
 Many of the large accounting firms have started
to lose their clients
 Companies have saved 25-50% in audit fees by
switching to smaller firms
 64% of Boards of Directors say that SOX has
changed their roles
 Costs Should Decrease Over Time
 A balance needs to be found between the costs
and the amount of controls
 Costs should drop off sharply in coming years
 Special rules may be added to assist smaller
companies
 Some Thoughts on Complying with
Sarbanes-Oxley
 “It’s so time consuming and laden with red tape that it’s like throwing
buckets of sand into the gears of the market economy” –
 Scott McNealy, CEO Sun Microsystems
 “As a general rule of thumb, any bill that passes the U.S. Senate 99-0
is probably a horrible idea”
 Patrick Byrne, CEO Overstock.com
 “A pain in the ass”
 Jeff Rich, CEO Affiliated Computer Services
 It’s like “chemotherapy” after removing the tumors of Enron and
Worldcom
 Gary Smith, CEO Ciena
Sarbanes at Work…