Sunday, July 30 marks the 15th anniversary of the enactment of Pub.L. 107-204; also known as the Sarbanes-Oxley Act or SOX. Introduced as the broadest-sweeping legislation to affect corporations and public accounting since the 1933 securities act, SOX made a significant impact on audit, accounting, and financial reporting practices in public corporations, worldwide. It also provided a wake-up call for private companies, and believe it or not, it has become a standard for nonprofit organizations as well.
The Ethics & Compliance Initiative (ECI) was privileged to have Mike Oxley – the “OX” part of SOX – serve as chairman of our board of directors for almost 7 years, until his untimely death in 2016. I got to know Mike well, and because of that, I am often asked for my perspective of the importance of the legislation that is a big part of his legacy. On this milestone anniversary, I’d like to share a few thoughts about the impact of SOX and its lasting impact.
First, SOX increased the veracity of financial statements, and put boards and business leaders on notice as to their accountability should fraud occur. SOX changed the composition of board audit committees by defining the experience that was required to serve as a member, and by encouraging committee members' independence and knowledge. It’s also not a big stretch to think that because of SOX most CEOs and CFOs now take a moment to pause before they sign their names to their company financial statements. Additionally, it is impressive to see the number of procedures and internal controls that companies have implemented due to the SOX requirements to ensure that their statements are correct.
Second, SOX improved the quality of the audit process. Not only did it mandate that companies change audit partners on a regular basis to ensure objectivity; SOX also radically impacted the function of external auditors themselves. A new standard of independence was applied, modifying the services that an audit firm can provide to a client and the relationships that individual auditor can have. SOX also increased the reporting requirements of the auditor to the board audit committee, and it also established the Public Company Accounting Oversight Board (PCAOB) which is now the rule-making and enforcement arm for the auditing world.
Third, the Act made a bold statement about the importance of whistleblowers. SOX mandated the establishment of a confidential and anonymous reporting system for the receipt, resolution and retention of information related to misconduct. The mandate also provided new protections for individuals who report suspected fraud and abuse, and it also imposed criminal penalties on employers who retaliate against those who “blow the whistle.”
Finally, SOX was the spark that ignited an industry. An ethics & compliance community existed before SOX was enacted, but it exploded after the bill became law. Compliance functions grew exponentially inside corporations, and with that came a greater need for support. As a result, ethics & compliance became professional career path; organizations like ECI expanded to provide continuing education and networking opportunities; and many service providers and consultants were established to help companies comply with the law. Many of us look at the industry now and point to the enactment of SOX as a watershed moment for our field.
Of course, SOX is not without its shortcomings. The Act ushered in what critics have called an overly restrictive regulatory environment in US financial markets, and the internal cost of compliance for any one company is substantial (and arguably onerous). Auditing firms continue to struggle with the extent to which they must ensure their independence, and there are even opponents to some of the provisions for the protection of whistleblowers. Most importantly to me, while SOX has been an important contributor to the growth of “compliance” inside corporations, by its very nature it does not (and cannot) ensure the strengthening of ethical culture. Based on ECI’s ongoing research, a strong ethical culture is the biggest factor in reducing the likelihood that financial fraud will occur.
So was the enactment of SOX a good thing? If Mike were here, he would offer an emphatic “yes.” He was proud that the United States had not seen financial fraud on the scale of Enron since the bill became law. Since inception, SOX has been augmented by Dodd-Frank and refined by case law. Sox also increased public awareness of the importance of compliance, strengthened corporate oversight and internal controls, and boosted the quality of the work of the ethics & compliance industry. For all these reasons, I would agree with Mike that SOX has been a good thing. His family should continue to be proud for the contribution he made.
As a final note, ECI’s friends at the Center for Audit Quality (CAQ) have partnered with the SEC Historical Society to create a video series in commemoration of the anniversary of SOX. The series provides a wealth of information about the act and its impact.
Happy anniversary, SOX. Thanks Mike, for this important contribution. We miss you.