Penalties and Requirements under Title VIII of the Act
It is a felony to knowingly destroy or create documents to “impede, obstruct, or influence” any existing or contemplated federal investigation.
Auditors are required to maintain “all audit or review work papers” for five years.
A statute of limitations on securities fraud claims is extended to five years from the fraud and two years after the fraud was discovered, from three years and one year, respectively.
Employees of issuers and accounting firms are extended “whistleblower protection” that would prohibit the employer from taking certain actions against employees who lawfully disclose private employer information to, among others, parties in a judicial proceeding involving a fraud claim. Whistleblowers are also granted a remedy of special damages and attorney’s fees.
Penalties and Requirements under Title IX of the Act
Maximum penalty for mail and wire fraud increased from five to ten years. (more…)
Popularity: 24% [?]
1. According to a McKinsey Study, investors in North America and Western Europe will pay a premium of 14 percent for companies with good governance
2. The difference in stock market value for companies that had good internal controls versus those that did not is 33 percent.
3. AMR Research predicted that companies would spend $29.9 billion on compliance initiatives in 2007 alone, up 8.5 percent from the previous year, indicating that GRC spending continues to grow as companies cope with the myriad challenges in this area. (more…)
Popularity: 21% [?]
1. A better control environment, where executives set the tone for ethical behavior and employees follow suit
2. Facing the mountain of documentation required by SOX means making improvements to procedures and employees’ understanding of these procedures
3. The Audit Committee takes its role seriously
4. Functions converge, processes become streamlined and standardized
5. The reduction of needless complexity (more…)
Popularity: 13% [?]
302: The CEO and CFO are directly responsible for the accuracy, documentation, and submission of all financial reports, as well as the internal control structure to the SEC.
(Translation: The CEO and CFO are on the hook for making sure the company’s financial reports sent to the US Securities and Exchange Commission are right. We talk more about Section 302 in a bit.)
401: Financial statements must be accurate, without any incorrect information, and include all off-balance sheet liabilities, obligations, or requirements.
(Translation: It is no longer possible for companies to hide any information that might affect their share price if it became common knowledge. They must present their true face to the world, warts and all.) (more…)
Popularity: 20% [?]
The Sarbanes-Oxley Act has many provisions. Sections 101, 302, 404, 409, and 906 are the key sections with relevance and impact on information services departments.
Section 101
In section 101, the PCAOB is established as the governing agency to create auditing standards and rules for public companies. In addition, the PCAOB is given the authority to regulate the accounting firms that audit public companies. The rules issued by the PCAOB and approved by the SEC are referred to as Auditing Standards.
The primary guidance from the PCAOB in regard to auditing internal controls is provided in Auditing Standard No. 2, effective June 17, 2004, entitled, “An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements.” We will explore Auditing Standard No. 2 later in this chapter.
Section 302
Section 302 specifies the legal responsibilities of the company’s CEO and CFO. According to the Sarbanes-Oxley Act, the CEO and CFO are responsible for all internal controls and for reporting quarterly on any significant changes to internal controls that could affect the company’s financial statement. Basically, these two officers must personally certify that they are responsible for and knowledgeable about all financial statements submitted quarterly and annually. They also must certify that they have knowledge of the design and have evaluated the effectiveness of all internal controls and that these controls ensure that complete and accurate information is reported to them. Significant changes to disclosure controls and any deficiencies, weaknesses, or fraudulent acts that may compromise the accuracy of reporting must be disclosed. (more…)
Popularity: 12% [?]