Sarbanes Oxley Act, 2002. Outline In this paper the Sarbanes Oxley Act with particular reference to the section 404 is discussed in detail. We shall start the paper with providing background information to the Sarbanes Oxley Act, 2002. This section explores the environment that spurred the creation of the act and the need for such legislation. The second section provides an introduction to the Sarbanes Oxley Act section 404 which explores the provisions of Section 404.
The next section on ‘Internal Controls Feature of section 404 of the Act’ provides an interpretation and the implication of internal control and the consequences that SOX 404 has on company affairs and the changes it has necessitated is discussed. The accounting profession and practice is affected by the provisions of SOX 404 and the future responsibilities and requirements of auditors and the possible difficulties are discussed in the ‘Auditing and the Impacts on Auditors’ section.
While the normal functioning of the company and the provisions of the section is clear, The ‘Other unanticipated events’ section of the paper explores the unknown and un thought of difficulties that will be encountered as in the case of a merger and other transactions between firms which will be affected by the provisions is explored with illustrations. There are areas in the law regarding transactions like an acquisition of a company and the application of this act which is not certain and the result could be undesirable from the point of view of both the parties when the provisions of the section is mandatory to both.
These issues are important and need be resolved at the earliest. The importance of IT cannot be stressed enough and the IT requirements that are a must in implementing the provision of the SOX act is explored I detail in the ‘Technology and system requirements’ section of the paper. A summary of the hallmarks of the discussion and opinions and arguments on the subject by eminent thinkers and views can be found in the ‘Criticism and Review’ and the Salient Features’ section.
The paper ends with a ‘Conclusion’ drawn on the impact of the section inferred from the information presented in the paper. SOX 404 Sarbanes Oxley Act of 2002: Background The Sarbanes-Oxley Act came at the wake of a lot of scandals and apprehension and there was a lot of media pressure in its enactment that was caused by the collapse of Enron. This act provides stiff punishments for those at the helm of companies and fines of over $5 million for violation of the laws. (Snedaker, 2006) The act is named after senator Sarbanes and Oxley who are the architects of the act.
Sarbanes-Oxley Act was meant to introduce regulation to corporate governance and financial accounting. The act brought in mandatory rules regarding the internal financial controls. (Romano, 2005) The Sarbanes Oxley act of 2002 was assented to by the President on 30th July 2002 and principally applies to the issues as stated in the securities act, that is public issues and companies with shares and securities subscribed by the public, and all companies with assets of over $10 million and all companies with over 500 security holders come under its purview.
The public companies, investment and securities traders, foreign companies, and others that trade securities at the national securities exchange are bound by the law. (Sonnelitter, 2005) There was an opinion current even before passing of the act that auditing was performing at low standards in U. S. public companies, and following that there came the act to reform accounting which was the ‘Investor Protection Act of 2002’ and the ‘Public Company Accounting Reform’.
The impact of the Sarbanes Oxley Act was more to form the Public Company Accounting Oversight Board — PCAOB that would then enforce the earlier accounting act. The addition was the mandatory disclosure required. (Coates, 2007) The act has long term and far reaching consequences, not only in the governance of the public companies, but also in the nature of auditing and the functions of auditors and financial controllers. There are requirements of many skilled persons from the accounting, auditing and Information technology to combine in bringing about the compliance of this provision.
The current problem with the regulations in this act is that the act on being passed had set mandates for compliance with its requirements and deadlines are set. (Romano, 2005) The provisions of section 404 which has mandated the change therefore will have to be studied in the light of all these requirements. Section 404 of the Sarbanes Oxley Act: Introduction There are eleven titles to the Sarbanes Oxley act and the orders for compliance fall under the sections 302, 302, 401, 404, 409, 802 and 906.
Of these sections section 404 deals with an important aspect of internal controls in corporate structures. (Romano, 2005) Section 404 is found under title IV. (Sonnelitter, 2005) The provisions of corporate governance (404) SOX was not a point of detailed debate. However there is an accusation that SOX being made mandatory is wrong. (Romano, 2005) The section 404 makes it mandatory for the company to establish and maintain a system that can control the internal activities of the company and financial reporting.
This comes as a directive for public companies. (Snedaker, 2006) The federal regulation of financial markets is always the result of market problems. There is a school of thought that maintains that the disclosures under the act could be made optional instead of mandatory. (Romano, 2005) The new requirements thus effectively verify if there are corporate procedures that create financial accountability and prevent frauds of the type that was created at Enron.
The need to make the financial transactions and the accountability of financial controls resulted in the act making it mandatory for the companies to publish information about its financial compliance. This new requirement is on the processes that go on inside the corporate entity and the process and controls in place, and evaluation is done with the financial performance and the compliance result. The law is a shift in the view process of corporate performance.
Now there are more expertise involved from a lot of specialized agencies for creating the reporting and compliance reports and making it possible in the first place. This involves information technology, Risk managers, business analysts and many others. All these agencies will have contributions to make in the internal control and its evaluation. The act made changes to the financial reporting to include reports both at quarterly statements and annual statements regarding the perceived efficiency of the ‘internal control’ mechanism of the company in the realm of financial reporting. Ramos, 2004) Internal Controls Feature of section 404 of the Act: The important features of section 404 of the SOX Act relate to the internal controls with regard to the structures of corporate firms. (Shanley, 2004) The internal control is defined in the act at rule 13 a- 15(f) as “the procedure which is being formulated by or based on the assessment of the said executive of the issuer and said financial officers/individuals having same responsibilities and the aim is to provide accurate financial reporting and financial statements for external issue.
The act also says that the internal control ought to have proper records showing all of the transactions held as well as the issuer’s assets and bring about required with regard to their veracity which pertains to the practice of general accounting, and to have a system so as to avoid the unauthorized disposal or funds acquisition on such lines so that it could have adverse impact on the funds of the company”. (Chew, 1993) The term internal control thus has a very broad meaning and will thus cover all activities of the company.
Section 404 makes it mandatory for the Chief Executives of the company and the financial officers to present a report after evaluating the internal control of the company with regard to financial reporting. This is to be filed in form 10K, which is to be submitted to the SEC on the annual date for submission. (Ramos, 2004) The regulations and the methods of following the procedure of financial accounting responsibility were clearly laid down by the authorities’ long back.
The Committee of Sponsoring Organizations — COSO issued regulations on internal controls as far back as in 1992. The internal control would have well laid policies, procedures and sets of rules that would be followed. This will be mandatory for the management and is expected to ensure that thee is a reliable financial reporting, and the operations of the company is efficient and resourceful. It will thus ensure that activities of the company are always lawful.
This internal mechanism will it is hoped, affect and improve the methods of analysing and storing data and information and also achieve a method of financial reporting along with efficiency in the operation processes of the company’s activities. The ignorance relating to internal controls and in the management model which is traditional, the absence of such type of internal control is considered to be the fundamental weak element. The auditing task could avoid the element of risk, which is considered to be one of the significant and important activity which would be the output relating to the entire process.
The benefit of the section 404 is that the efficacy relating to internal controls with regard to the company’s risk will become evident to the investor and will for a part of the financial report of the company. The enterprise reporting must thus be based on computing the risks of the enterprise. (Lin; Wu, 2006) Companies are now obliged to create corporate procedures that create financial accountability and prevent frauds. The law has brought in more requirements in terms expertise involved from a lot of specialized agencies one of the most important and critical function that will be the outcome of the process. Shanley, 2004) The public companies must comply with all the directives of the ‘Public Company Accounting Oversight Board – PCAOB’ and the SEC. There is a criminal liability in case of default. The risks of noncompliance are huge and can easily affect the company’s financial and operational structure. (Lin; Wu, 2006) This rule was made applicable to all pubic companies except the issuers of asset-backed securities and the registered investment companies.
Thus in the final form the guidelines state that the management of the company must provide a statement that shows the adequate internal control with regard to financial reporting, and the framework that is in place to assess the effect of the financial control with an assessment of the last financial year with a statement reflecting management to assess the efficacy of the internal control of the registrant with regard to reporting of financial statements. (Shanley, 2004) The benefit of the section 404 is that the efficacy of internal controls pertaining to the company’s risk will become evident in terms of the investor.
Although the procedure is costly for the company the investor will stand to gain from the new act, because the management of the company must provide a statement that shows the adequate internal control with regard to financial reporting, and the framework that is in place to assess the effect of the financial control with an assessment of the last financial year is available to the investor, now the investor will be in apposition to be informed and carefully invest after optimizing the risk rater than a hearsay type of investing.
In the company it has ushered in a better accounting and the management with upgrades in technology and competence, there will be a requirement for training and upgrading managers and staff to meet the contingencies of the proposed systems and controls. The Sarbanes Oxley section will help the companies on the other hand gain a lot of investment and support from the investors by providing a quality and timely information, with a competitive advantage. (Shanley, 2004) For the officer and the shareholder and those dealing with the company it ensures hat the financially literate directors at the helm and will have internal controls which make the company relatively safe. It is however to be noted that the act is for public companies and many companies have cut issues to escape the provisions of the act. The Auditing firms and the auditing process all have undergone vast changes in the process of how they work on account of the act. The auditors now have a prime role and a have a specific duty cast on them when the audit reports are presented.
To comply with the regulation it is now become a necessity that the auditors must first understand the internal framework of the company Thus they are now involved with the decision making of the company and are cast with greater responsibility. The act will bring about a lot of changes in the competency expectations of auditors and a need for them to upgrade their skills. The act has brought about a demand for restructuring the information systems including the IT structure and personnel training.
The IT manipulation is the principal method of effecting deceptions and the simplest provision of security and integrity where a huge volume of data is processed has necessitated the creation of a system and a method of devising the proper policy, for the IT operations. (Lin; Wu, 2006) The IT controls are very important in complying with the directives in the electronic age. This in turn will cause the employment of competent personnel and also training for the management in the IT and MIS process.
The truth is that since most companies do have an internal reporting system, the compliance is only a rework their existing framework stated in a new way. The controls over the IT systems the computers and operations, and limiting and controlling access, and security and integrity of data and the controls that govern the use of the system have all to be taken into account in redesigning the system. (Fox, 2006) Thus in the final form the guidelines has created a need in companies to create a structure within the existing financial system and incur expenses and also get the trained man power and provide for a better management of the company.
Complying with the act by itself will help the company avoid risk and also the internal control of the company with regard to reporting of financial matters. Now the financial statement which is audited in the yearly report need to also contain the attested internal control report and this will show the company’s affairs in a more clear a transparent light. Thus the act may have actually benefited the companies and could be a long term solution to the corporate governance needs. Shanley, 2004) The section 404 is thus a mandatory provision for an annual review of internal procedures and the evaluation of the controls for financial reporting. The annual report thus has to come with an assertion from the CEO or CFO which will affirm that they are being made responsible for maintaining and checking the internal financial controls, and the presentation of the evaluation of the controls and financial reporting process, and the assertion must also state that the company’s internal auditor has attested the managements evaluation.
All public companies have to comply with this law. (Shanley, 2004) Public companies are in a need to take several steps to comply. This will mean that the existing internal control will make the transition easier. All companies normally have some type of internal control. These often are seen vested with the board of directors, the CEO or a special steering committee. The use of software and other electronic analysis tools is becoming a must and the model for most companies is likely to be centred on the model of the ‘Committee of Sponsoring organizations of the Tread way commission – COSO’. Shanley, 2004)The COSO has divided the internal control into a) the controls for the environment, that is ethics, and competence enhancement of employees, followed by the assessment of risk, the risks that are perceived to hamper the business achieving its objectives. The next part is the control model where the internal activates that are undertaken to mitigate the known risks is charted out. The information and communication facility between the staff and management regarding the information that needs be passed on is assessed.
Lastly we have to have a monitoring session which will evaluate the whole internal control. Thus this is always an ongoing process and therefore all companies will have to create a special disclosure wing which will review the filings before the SEC and also undertake periodic review of the working of the internal controls. (Shanley, 2004) The benefits of this method of accounting are numerous. The Sarbanes Oxley section will help the companies gain the trust of investors, have high quality and timely information, save resources, and have a competitive advantage too.
The failure to comply with this recommendation on the other hand can expose the company to law suits, loss of public confidence, negative perceptions, and prosecutions from the SEC and above all the company may become the victim of a fraud. (Shanley, 2004) From the shareholder’s point of view the provisions of the rule ensures that the corporate entities do not indulge in unethical behaviour, and ensure financially literate directors at the helm and will have internal controls which make the company relatively safe.
Private companies are not legally obliged to comply with the Sarbanes Oxley act provisions, but they can voluntarily adopt some of the provisions of internal fiscal control. The public companies come under the purview of the act and the act is clear about the qualifications of the members of the management. It is not possible for a private company to adapt all the requirements. (Shanley, 2004) Auditing and the impacts on auditors Section 404 of the act is under the chapter ‘Enhanced Financial Disclosures’ at title four of the act.
The section briefly states that those companies that open issues must publish all information in the annual reports regarding the internal control mechanism its scope and adequacy and the structure and control regarding financial reporting the statements shall be assessed by an accounting firm. The Auditing firms have a large impact on account of this act. All companies are trying to cope with the provisions of this act. This will create a stress on the accounting companies in terms of labor and sourcing knowledgeable talent to cope up with the demand for the modern methods of audit and also the sheer volume of work.
The auditing firm has to perform its activities in a more structures and careful manner Care must be taken to store and keep all records intact because it is a very stringent requirement under the act. (McCarthy, 2004) This law has changed the situation for both the auditor and the company now the auditor has to certify the company’s internal controls which ill bar the use of some of the audit strategies. The cost of implementing the rules will be hiked for the company. Mccnnell; Banks, 2003) Auditors generally follow the risk factor by concentrating on the generally accepted accounting principles — GAAP, and automatically arrive at the results and strengths weakness and threats and the risks inherent in the inherent operations. The risks that they perceive will affect the reporting and major enterprise risks do not occur from inside. Major problems like the WorldCom and Enron problems had been the result of the risks that went unheeded in the processes of management and are clear examples of failures that were occasioned on account of lack of information systems and controls. Lin; Wu, 2006) In view of this fact and in view of the fact that auditors could also audit the compliance report, the SEC took the view that implementation of the sections 404 to item 308 of the Sarbanes Oxley Act that the firm ought to provide a report of internal control in the annual report of the company that needs to contain an assessment of the fiscal year of the previous year and the evaluated report relating to the company’s performance with regard to the reporting of ‘internal control’ of fiscal aspects. Goodman; Olson, 2002) The auditors have a specific duty cast on them when the audit reports are presented. Along with the finance audit report the compliance report also is to be attested and certified by the auditor. There are specific rules for issue of the certificate. The auditors finding must be worded to the effect that the company does not have any fraudulent activity and has a system in place to find any potential fraudulent activity. If a fraud does occur it will be a reflection that the measures are not in place and the company has not met the requirements of section 404.
Therefore the recommendation must always be to include a system for fraud assessment and a document of the specific controls that are present must be reviewed and audited by the auditors. (Sobel, 2007) Most of the organizations have already a system of audit in places that consist of internal audit and controls. This usually follows that COSO framework. The internal auditors now may be required to make additions and changes to the COSCO format and to document all internal controls and provide for a valid assessment.
The revised process thus will help meet the Sarbanes Oxley requirements without having to perform a major system overhaul. The existence of the company by its assets rights and physical inventory and the transactions occurrence records are important in assessments. The events must be complete at the time of assessment. The records must also show the internal obligations and obligations of all concerned. (Moeller, 2004) To comply with the regulation the auditors must first understand the internal framework of the company. Before the passing of this act, auditors may not have given any importance to this aspect.
Auditors could do to chose a minimum internal control review and then do a significant analysis to certify statements. With the coming of this act, the auditors must be through with the internal controls especially with financial reporting and thus are now obliged to asses the information flow systems, and the integrity verification protocols. All this doubles the work of the auditor and the auditor has to have a different set of advanced skills. The internal control report is where the auditing can begin as a first step.
The sections of the act covers the quarterly evaluations of internal control, types of the companies that must be audited and the functions of cost benefit analysis. The auditor has to be aware of these requirements while verifying and certifying the statements. (Kairab, 2004) No doubt there is a criticism of the new act, but even before the act and the widespread criticism on the reform and the accompanying controversies went under way, the auditing of the companies even before the passing of the act and in the normal scope of the audit was imperfect.
The law has actually brought about the importance of auditing and auditors and modified and enhanced their roles. (Defond; Francis, 2005) The audit statement must contain the general financial report and also must contain a statement relating to the responsibility of the management in creating internal control, and the identification of the framework in place, and the next is the assessment of the effectiveness of the system with the financial period, and the registration certification of the public account firm that certifies it.
This read with 302 will show that the certifying officers are the responsible persons to implement the system, and that the individuals have set up and designated controls over the system and are supervising it and all the changes that have occurred is within their knowledge. (Fox, 2006) So far as auditors are concerned, the evaluation of the controls forms an important element of their financial audit. Further the audit report generally provides the management with recommendations in strengthening the internal controls if it was considered to be of weak nature.
Now, if the report is to be used by the management, then it is mandatory for the auditor under section 404 to also approve of the opinions of the management based on the reports about the internal control and the effectiveness. This is wherein the matters concerning the conflict relating to interests between the auditors and the management and the company policies will surface. (Lin; Wu, 2006) The act will bring about a lot of changes in the competency expectations of auditors and a need for them to upgrade their skills. Other unanticipated events
There are some unanticipated business transactions like mergers and acquisitions that will pose a major problem in compliance with the SOX act especially section 404. For example the dealings of a company with another in terms of a merger can be affected only with the audit and compliance of financial accountability in both. There must be a merger of the systems too, which will be a complicated process. Those previously involved in Merger & Acquisitions deals were not concerned about internal controls. Usually internal controls were addressed after the merger was completed.
After SOX laws changed that and the controls of the target company can have a great adverse effect on the firm that is taking over because the acquiring corporations must disclose all weaknesses of the target since both the controls of the corporations are under the 404 rule. Thus the internal control changes will have to be now made even prior to acquiring a company and see that at the time of acquiring the company has complied with the SOX 404 mandate. (Anderson, 2006) Another problem area is the transfer pricing that will arise and is a part of the internal control process.
Section 404 does not mention transfer pricing but it is a part of the company’s internal controls. Transfer pricing can affect the accuracy of the reports in the financial statements. The transfer pricing is one area where mismanagement can occur and this is not specifically noted for the purview of the act. The transfer pricing can affect the report where the IRS or authorities abroad make adjustments with the transfer price, or penalties are involved. Inaccuracies can also come in where the nature of the product is such that tangible and intangible assets are involved, or aggregation of transactions can also have the similar effect.
Tax rates that vary at various places and the effect of treaties that oblige the company with tax relief also will cause complications. (Levey; Steven; Kerwin, 2007) It is to be remembered that the corporate problems Enron and WorldCom did not happen because of faulty accounting. They occurred because of management decisions and fraudulent conduct of officers. There could not have been a fraudulent financial statement. To blame accountants for the failure of the management is wrong. Financial statements stem from internal controls and that is one of the reasons that internal controls are in the ambit of audit now.
Actually business is made by the management systems and the accounting systems become the victims. It is therefore proper to consider extension of audit to cover all the major risks even outside the audit scope. (Lin; Wu, 2006) Technology and system requirements To meet with the requirements it is impossible to have any system that does not use the latest IT technology. To comply with the act and produce valid records that must be stored over time and also to make meaningful use of the data and provide for data integrity a well planned network and system is a must.
The information process is a set of sequential and ongoing process of recording and using the business activity data which entails many things like maintaining databases or master files, and having a provision to use the data effectively and producing proper reports for financial and management decisions, and will form a part of the accounting process if the accounting data is also incorporated. The correctness of data is crucial for financial reporting and therefore the process of data capture is the most important function of the technology that can be employed. Data manipulation is the principal method of effecting deceptions. The huge volume of data will always lead to erroneous financial report and interpretation. There must be in the first place, at the point of creating the system a method of devising the proper policy, rules and procedures called “input controls,” must be primarily established even before the system design could be talked of. The system for all the care taken can still have zones that are not taken care of or provided for and there are many heads of accounts that defy definition and cause uncertainties. Lin; Wu, 2006) Information technology and the use of software in reporting are of paramount importance in the compliance of the Sarbanes Oxley act provisions. The internal control can be achieved with IT solutions that help in implementing the controls. Today IT systems have automated most functions. Thus compliance programs need to consider system based controls The IT professionals are not well informed on the concepts of internal control and the structure of doing this is not yet in place.
The organizations IT structure must be redesigned after first understanding the requirements of the act, and then the IT environment must be mapped to see the supports in the financial process, the controls and processes in the system must be designed and proper documentation and test runs provided. The IT controls are very important in complying with the directives in the electronic age. In most cases the provider will only have to review the working process of the current system and remodel some modules to incorporate the requirements, since most companies do have an internal reporting system.
The controls over the IT systems the computers and operations, and limiting and controlling access, and security and integrity of data and the controls that govern the use of the system have all to be taken into account in redesigning the system. (Fox, 2006) The principal aim of creating a secure system must be to protect the financial processes of the company including the records from fraud and mishandling, and to ensure the data integrity the first steps must be to identify the risk factors, threats, and the weakness in the system which can be assess by a risk and vulnerability test followed by a business impact analysis.
The continuity planning of the business goes with the business analysis and this will also help identify the integrity of the internal controls. It is not predictable as to how far these systems are implemented in practice and how far it is implemented with a full understanding and the consequences as expected in the act. (Bullock; Haddow, 2006) In order to arrive at the proper system that will have to be in place, it is important to asses the process maps that can be created using the mapping software that are common for other standards like the ISO etc.
The process map tool that is provided by Microsoft for example can be used in the compliance of the section 404 process, since any quality related process can be summarized in this software, which integrates a number of regulatory features can be used. The requirements require the identification of risks, therefore a process mapping is done to see how the controls fit into the process, after which the risk is assessed, and a remedial system is incorporated. (Cobb, 2005) There can be errors that can cause information failures in analysis.
The internal controls must also take into account primary errors that may creep in and give a margin for the error. There are methods of minimizing errors with manuals and controls in the data pathway of the system. (Lin; Wu, 2006) Criticism and Review The act promises a long term effect to the investors and they will benefit from the absence of frauds and theft. There will be more transparency, accountability and the ethics will be followed in public companies. This effect will benefit the economy because the companies will now allocate resources in the optimum manner.
The section 404 is now being pursued aggressively. All the sections and the mandates of the act must be thus enforced vigorously. There must be some relief for the companies in spending for the compliance of the section. 21 Section 404 of the act is under the chapter ‘Enhanced Financial Disclosures’ at title four of the act. The section briefly states that those companies that open issues must publish all information in the annual reports regarding the internal control mechanism its scope and adequacy and the structure and control regarding financial reporting.
The statements shall be assessed by an accounting firm. The critics of the act point out that the cost of the Sarbanes-Oxley legislation – and the section 404, in particular have less effect on the market but are costly for the companies. This is so because of the fact that most issues are now taking place outside the United States where that act is not in force. Moreover there is a litigation tax and the cost of doing business in the US is higher than elsewhere on account of these policies. (Stewart, 2008) The control processes were earlier dictated by COSO.
The controversies like dealing with the loans of employees of Tyco or the dealing of insurance which is risk-free by AIG could all well be shown as the need for the legislation. This has happened because faulty transactions were streamed into the accounting process as genuine transactions and there was no system to find it because on the face of it appears genuine. It is an illustrative case of the business decisions becoming faulty because the financial reporting first failed due to the failures in control deficiencies of the operation processes.
The internal controls must be thus a concern for all operations management and not just for the accounting purpose. (Lin; Wu, 2006) Originally the congress enacted a legislation being the Financial Integrity act of 1982 pertaining to the Federal Manager which was considered to enforce the internal accounting control systems by means of the federal government and the internal control is now the integral part of any system. This is synonymous with the management control and the directives in the like manner for the public companies came with the Sarbanes Oxley act. United States Government Accountability Office, 2007) The second argument that is advanced is that the internal control was not considered to be formulated to be a solution for company ills. It is also argued that the ‘Foreign Corrupt Practices Act of 1976 – FCPA’ already has defined the tasks of the “corporate management with regard to the formation of an efficient internal control system. Thus the corporate governance task by means of the internal control has been made compulsory from then onwards. (Lin; Wu, 2006) So in simple terms, the Section 404 is another form of enforcing the ‘Foreign Corrupt Practices Act’. The failure of that act must have made the legislators rethink the issue of this act. The section 403 needs disclosure relating to transactions which involve management as also the principal stockholders within the time period. Further Title IV argues for corporations to involve in increased financial disclosures. What will be the effect of this on executives of a pubic corporation is a moot question. Loomis, 2003) Thus in the final form the guidelines state that the management of the company must provide a statement that shows the adequate internal control with regard to financial reporting, and the framework that is in place to assess the effect of the financial control with an assessment of the last financial year with a statement reflecting management to assess the efficacy of the internal control of the registrant with regard to financial reporting. The financial statement in the yearly report which is audited must also be attested by the auditor over the internal control and financial reports.
The first mandate for compliance was set at November 2005. Thus those companies that had to comply with the SOX act automatically were also liable to comply with the regulations of the SEC. Lastly the SOX act appears to be an attempt by the officials to simply give a solution when the problem becomes pressing rather than to find a long term solution to the problem. Conclusion We have to take into account the criticism and the plus points of the act to arrive at a valid conclusion.
One of the important facts that we cannot over look is that the act has left out the problem of the unanticipated business transactions like mergers, and acquisitions that will pose a major problem in compliance. Those previously involved in Merger & Acquisitions deals were not concerned about internal controls. Now this will shift the paradigm and mergers and acquisitions may become costly propositions and there may arise some inequality and this will also be the case with transfer pricing. The problem in Enron and WorldCom are a result of management decisions more than financial accounting.
In spite of the provisions of this act frauds and other problems cannot be ruled out entirely. In that context we can consider to see if the act itself needs some more tuning. For one thing, we may say that there must be an extension of time at least to another two years fro the corporate structure to be in place and the auditors and the others involved to become competent. Till such time the act must not be made mandatory. We have also to consider the IT necessity and the overall demands that it may make on the system.
Thus we can conclude that section 404 is a turning point in corporate governance and that there must be some more time provided for the compliance at least in stages. References Anderson, David R. (2006) “Modern Business Statistics” Thomson South-Western. Bullock, Jane A; Haddow, George. (2006) “Introduction to Homeland Security” Butterworth-Heinemann. Chew, Pat K. (1993) “Directors’ and Officers’ Liability” Practicing Law Institute. Coates, John C. (2007) “The Goals and Promise of the Sarbanes–Oxley Act” Journal of Economic Perspectives, vol. 21 no. 1, pp: 383-425. Cobb, Charles G. 2005) “Enterprise Process Mapping: Integrating Systems for Compliance and Business … ” American Society for Quality. Defond, Mark. L; Francis, Jere. R. (2005) “Audit Research after Sarbanes-Oxley” Auditing: A Journal of Practice & Theory, vol. 24, pp: 5-30. Fox, Christopher. (2006) “IT Control Objectives for Sarbanes-Oxley: The Role of IT in the Design and … ” ISACA. Goodman, Amy L; Olson, John F. (2002) “A Practical Guide to SEC Proxy and Compensation Rules” Aspen Publishers Online. Kairab, Sudhanshu. (2004) “A Practical Guide to Security Assessments” CRC Press.
Levey, Marc M; Steven, C. Wrappe; Kerwin, Chung. (2007) “Transfer Pricing Rules and Compliance Handbook” CCH. Lin, Heng Hsieu; Wu, Frederick H. (2006, Mar) “Limitations of Section 404 of the Sarbanes-Oxley Act” The CPA Journal, vol. 27, no. 1, pp: 14-16. Loomis, Erik. (2003, Jan) “Sarbanes-Oxley Act” Business law Journal, vol. 46, no. 2, pp: 23-26. Mccarthy, Ed. (2004) “Tips for the Sarbanes-Oxley Learning Curve: The Act Has Brought More Complexity to Firm Management; Here’s Some Broad-Based Help” Journal of Accountancy, vol. 197, no. 2, pp: 17-20. Mcconnell, Donald K; Banks, George Y. 2003) “How Sarbanes-Oxley Will Change the Audit Process: CPAs Will Have to Develop New Procedures and Scrap Some Old Ones” Journal of Accountancy, vol. 196, no. 2, pp: 36-38. Moeller, Robert R. (2004) “Sarbanes-Oxley and the New Internal Auditing Rules” John Wiley and Sons. Ramos, Michael J. (2004) “How to Comply with Sarbanes-Oxley Section 404: Assessing the Effectiveness … ” John Wiley and Sons. Romano, Roberta. (2005, May) “The Sarbanes-Oxley Act and the Making of Quack Corporate Governance” The Yale Law Journal, vol. 114, no. 7, pp: 1521-1522. Shanley, Richard P. 2004) “Financing Technology’s Frontier: Decision-Making Models for Investors and … ” John Wiley and Sons. Snedaker, Susan. (2006) “Syngress IT Security Project Management Handbook” Syngress. Sobel, Paul J. (2007) “Auditor’s Risk Management Guide: Integrating Auditing and ERM” CCH. Sonmelitter, Robert J; (2005) “Miller Sox 404 for Small, Publicly Held Companies: Internal Control … ” CCH Tax and Accounting. Stewart, Evan. C. (2008, Feb) “The False Promise of Reform” The New York Law Journal, vol. 27, no. 2, pp: 77-81. United States Government Accountability Office. (2007) “Financial Management” DIANE Publishing.