Insights & Expertise

5 Key Takeaways After 20 Years of Sarbanes-Oxley

by Emmalee Eckstein

a group of business workers talking in a room

The Sarbanes-Oxley Act of 2002, or SOX as it is known in the financial world, is a federal law that established sweeping auditing and financial regulations for public companies. Lawmakers created the legislation to help protect shareholders, employees and the public from accounting errors and fraudulent financial practices, which were rampant in a post-9/11 economy with several prominent public company accounting scandals including Enron, WorldCom and Cendant. 


To explore the effects of SOX on business, Saint Joseph’s Haub School of Business’s accounting department along with the Pedro Arrupe, S.J., Center for Business Ethics, hosted a lively panel discussion, moderated by Adjunct Professor of Accounting and the FBI’s current Assistant Director of Internal Auditing, Mark Gerber ’82, with SJU finance and accounting alumni as well as key players in the industry


Here are five key takeaways from this meeting of the financial minds on how SOX has impacted finance:


1. Ensured Auditor Independence


“Auditors of public companies are really gatekeepers for its investors,” says Mary Jo White, former chair of the U.S. Securities and Exchange Commission (SEC) and current partner at Debevoise & Plimpton LLP. “Our market’s honesty and integrity relies upon its auditors, which is why we want them to be truly independent.”


According to White, SOX forced public companies to address conflict-of-interest issues in the hiring of auditors by empowering audit committees to oversee the management of those auditors who were brought on board. SOX even includes a provision requiring the auditor or engagement partner to rotate every five years to reinforce their independence and prevent any alliances with management.


“These measures ensure the auditor’s independence really bolster the robustness of every audit’s integrity,” White continued. “Shareholders could be confident that financial statements and disclosures of any public companies were verified by an independent auditor with no personal interest in the information therein.”


2. Required Accountability of Leadership


After SOX was enacted, the effects and adjustments went beyond each company’s accounting teams. In section 302, SOX requires senior leadership as a signatory on each and every financial statement, acknowledging any and all material changes to the company’s control structure and taking accountability for them. 


“The signature requirement really created a powerful incentive for transparency and accountability,” remarks Joseph Wolk ’88, executive vice president and chief financial officer at Johnson & Johnson. “I go through this exercise each quarter and signing my name is a stark reminder of my own ownership and responsibility for these important disclosures.”


Before SOX, these executives were not required to take responsibility for those statements and, in Wolk’s view, they always should have been. 


“Standing behind our statements is like standing behind our core principles as a company,” Wolk says. “These financials are firmly embedded within Johnson & Johnson. From the board to the executive team down through all levels of the company, we’re going beyond concerning ourselves with just trademarks and patents. Section 302 really underscores the mindset of building ‘trustmarks’ as well.”


3. Implemented Internal Controls Around Financial Reporting


The most infamous edict within SOX lies in section 404, according to Reese Blair ’98, audit partner at Deloitte. Section 404 is a mere 180 words long, but still manages to be split into three parts, each of which sent shockwaves through the business world. 


“Section 404 ultimately created a seismic shift in how management establishes and maintains effective or adequate internal controls around financial reporting in that they now had to certify those controls,” explains Blair. “Independent auditors like myself are then required to opine on the effectiveness of those internal controls and the procedures that are followed by companies related to financial reporting.” 


Having to issue two opinions — one asserting the financial statements are not materially misstated and another certifying the operating effectiveness of internal controls used to generate those financial statements — inherently increases the level of accountability around that certification for both management and auditors. 


4. Instated Government Regulation via the Public Company Accounting Oversight Board (PCAOB)


Independent auditors did their fair share of adapting to SOX’s new guidelines as well. Most notably, they went from being self-regulated to being government-regulated through the PCAOB. 


The best way to see the effectiveness of the PCAOB’s oversight is through restatements, says James Kaiser ’79, former PCAOB board member. Financial restatements are made when a company needs to revise one or more of their previous financial statements to correct an error. 


“In 2006 we were looking at over 1,800 restatements from public companies,” shares Kaiser. “In 2019, we only had 85. So we’re at an all-time low for restatements, which means an all-time high for audit quality.”


Auditing firms are now required to register with the PCAOB in order to perform audits for public companies, which also does all the standard-setting for how these audits are conducted. Previously, auditing standards were set by the industries in which they were being done. 


In addition, audit inspections are now conducted via the PCAOB when they were previously conducted by auditor peers. 


“One of the biggest impacts [of the PCAOB] has been more aggressively holding partners' engagement teams accountable for performing quality audits,” remarks Kaiser. “Today, there are monetary penalties for firms that don't perform quality audits.”


If firms continue to earn penalties over time, the PCAOB eventually relinquishes them of their auditing privileges.

 
5. Benefits Have Far Outweighed the Costs


“Sarbanes-Oxley is, by far, one of the most important pieces of legislation that has ever happened in the financial securities arena,” declares White. “There has been such great significance in what SOX has done for auditor independence and the integrity of financial statements.”


And while these improvements have been widely recognized across the business world, smaller companies have struggled to keep up with the costs of maintaining this integrity. 


“I think there was probably a legitimate criticism that the PCAOB might have been doing a little bit too much on the attestation piece,” admits White. “The cost of auditing skyrocketed because the auditor needed to pass the PCAOB inspection.” 


But, at the end of the day, all agree that the benefits of SOX have far outweighed its costs. In order to maintain these benefits, however, Blair reinforces that each company’s culture needs to prioritize these ethical values. 


“There needs to be an unwavering commitment from management — a true tone at the top — that sets the stage for these regulations,” explains Blair. “When internal controls are infused into the philosophy or the ethos of a company's culture, the benefits in relation to the costs are immeasurable.”