Understanding Sarbanes-Oxley


October 2, 2022

In 2002, the federal government passed the Sarbanes-Oxley Act, which established sweeping auditing and financial regulations for public companies. This law was created to protect shareholders, employees, and the public from accounting errors and fraudulent financial practices. Also known as SOX, the Sarbanes-Oxley Act works to improve the reliability of financial reporting from public companies. This helps restore investor confidence in public businesses despite the rise of high-profile cases in corporate crime in 2002.


Why is the Sarbanes-Oxley Act Needed?

In the 21st century, corporate scandals were becoming commonplace in the business sector of the United States. These scandals involved some of the largest corporations in the United States, such as Enron Corp, WorldCom, and Tyco. The resulting scandals brought to light fraudulent practices, falsified business records, and the theft of millions of dollars from public companies.

The SOX act was passed to prevent companies from participating in intentional accounting errors and false financial reporting and to hold public companies accountable for their actions.


How Does the Sarbanes-Oxley Act Work?

The SOX Act works closely with pre-established laws concerning security regulation of public companies and some private companies, including non-profit organizations. The SOX act added four additional principles to the already established law pertaining to trade and public business:

  • Establishing corporate responsibility
  • Increased criminal punishment
  • Accounting regulations
  • New protections for employees on reporting fraud


Establishing Corporate Responsibility

Section 302 of the Sarbanes-Oxley Act enforces senior corporate officers certifying in writing that their company’s financial statements comply with the United States Securities and Exchange Commission’s disclosure requirements. All materials must be presented in the report concerning the company’s or issuer’s operation and financial condition. Any corporate officers who sign off on the financial statements acknowledge that all of the information in the financial statements is true and accurate. If it turns out it is inaccurate, then that officer is subject to criminal penalties, including prison time.

Section 404 of the SOX Act requires that management and auditors establish internal controls alongside reporting methods that allow for greater accuracy in reporting financial statements.


Accounting Regulations

Section 802 of the Sarbanes-Oxley Act creates three new rules dealing with public companies’ recordkeeping. These rules are as follows:

  1. The destruction and falsification of records are strictly prohibited. Anyone who does so can be fined up to a 20-year sentence in prison.
  2. The retention period of a company’s financial records is seven years.
  3. Business-specific records, such as sales transactions, electronic communications, and audits, must be saved and stored.


Why Does the Sarbanes-Oxley Act Matter for My Business?

The SOX Act enforces that companies need to store all financial records, business records, and electronic communications to ensure compliance with the Securities Exchange Act. To store those records, many companies are turning to electronic records.

While electronic records are a great way to keep all of your company’s important information, this creates an opening for hackers to get a hold of these records as well. As part of the SOX Act, your company needs an IT department that will not only be responsible for storing this sensitive information but also ensure that it will be protected. While larger businesses may have a well-built IT team under their belts, this option can be costly and time-consuming for small businesses.

We're Integris. We're always working to empower people through technology.

Keep reading

Small Business Cybersecurity Guide: Tips from Top Consultants

Small Business Cybersecurity Guide: Tips from Top Consultants

If you've been putting off cybersecurity investments for your small company, the time to invest is now. There's never been a more critical time to address your small business cybersecurity. Consider these facts: The average cost for a data breach for a US company in...

Retainers for vCIOs and vCISOs: A Comprehensive Guide

Retainers for vCIOs and vCISOs: A Comprehensive Guide

If you're running an IT department at a small to mid-size company, you know— the demands on your infrastructure are greater than ever. Cyber threats are growing at an alarming pace, primarily fueled by the accessibility of AI to hackers. Cloud productivity, system...