What is the Sarbanes-Oxley Act Of 2002 - SOX

The U.S. Congress passed the Sarbanes-Oxley Act of 2002 on July 30, 2002 to protect investors from the possibility of fraudulent accounting activities by corporations. The SOX Act of 2002, also known as the Corporate Responsibility Act of 2002, mandated strict reforms to improve financial disclosures from corporations and prevent accounting fraud.

The Act was a response to accounting malpractice in the early 2000s, when public scandals at companies such as Enron Corporation, Tyco International plc and WorldCom shook investor confidence in financial statements and prompted demands for an overhaul of regulatory standards.

BREAKING DOWN Sarbanes-Oxley Act Of 2002 - SOX

The rules and enforcement policies outlined by the SOX Act of 2002 amend or supplement existing legislation dealing with securities regulations. The Act introduced sweeping reforms in the following four areas:

  1. Corporate Responsibility
  2. Increased Criminal Punishment
  3. Accounting Regulation
  4. New Protections

Sections 302 and 404 of the Sarbanes-Oxley Act of 2002

There are two key provisions of the SOX Act of 2002, Section 302 and Section 404.

Section 302 of the SOX Act of 2002 is a mandate that requires senior management to certify the accuracy of the reported financial statement.

Section 404 of the SOX Act of 2002 is a requirement that management and auditors establish internal controls and reporting methods on the adequacy of those controls. Section 404 has very costly implications for publicly traded companies as it is expensive to establish and maintain the required internal controls.

Section 802 of SOX

Section 802 of the SOX Act of 2002 contains the three rules that affect record keeping. The first deals with destruction and falsification of records. The second strictly defines the retention period for storing records. The third rule outlines the specific business records that companies need to store, including electronic communications.

Besides the financial side of a business, such as the audits, accuracy and controls, the SOX Act of 2002 also outlines requirements for information technology departments regarding electronic records. The Act does not set forth a set of business practices in this regard but instead defines which company records need to be stored on file and for how long. The standards outlined in the SOX Act of 2002 do not specify how a business should store its records, only that it's the IT department's responsibility to store them.