SOX



Title: SOX
Author: Bernard Szlachta (NobleProg Ltd)

Sarbanes-Oxley Act ⌘

  • Response to the Enron and WorldCom scandals
  • Protects shareholders by putting more restrictions on management and requiring transparency in financial reporting
  • Affects only publicly traded companies
  • More rule-based (as opposed to principles-based)

SOX three key principles ⌘

  • Integrity
    • Integrity in financial records (complete and representative)
  • Reliability
    • Information reported is reliable and accurate
  • Accountability
    • Corporate executives are answerable for breaches of information integrity and reliability.

SOX Compliance ⌘

  • all publicly traded companies in the US
  • wholly-owned subsidiaries of a US corporation
  • non-US companies publicly traded on US markets through American Depositary Receipts (ADRs)

Compliance requirements ⌘

  • information is valid and truthful
  • the CEO and CFO verify the data and accept accountability for any errors
  • companies maintain an accounting framework (which includes internal controls)
  • executives assume responsibility for the establishment and maintenance of the framework

Consequences of noncompliance ⌘

  • CEO is responsible
  • CEO and CFO are liable to financial penalties and potential incarceration
  • Not wilful deceit: 1mln and up to 10 years in prison
  • Intentional wrongdoing: $5mln and up to 20 years in prison

SOX of 2002 Sections ⌘

Section 201 - Audit Firm Conflict of Interest, No Consulting Except Tax
  • Consulting was more profitable than auditing services
  • Response to Arthur Andersen
  • PWC sold consulting division to IBM
Section 203 - Five-Year Rotation of Audit Firms
One company checks the accounts of another
Section 204 - Auditor Reports to Audit Committee of Board
Auditors' findings should not be buried at lower levels of an organization
Section 206 - CXO Conflict of Interest, One Year Removed from Audit Firm
Removed the common practice of auditors jumping to their clients

SOX of 2002 Sections ⌘

Section 302 - CEO and CFO Liable for Certifying Financial Results
CEO cannot use ignorance as an excuse
Section 306 - No Insider Trading During Blackout Period
prevents executives from trading shares based on insider information not available to other shareholders
Section 401 - Off-Balance-Sheet (OBS) Obligations and special Purpose Entities (SPEs)
prevents companies from hiding financial losses
Section 402 - No Personal Loans to Executives
Personal loans are not taxed (a loan is not income)
Section 403 - 48-Hour Notice of Executive Stock Transactions
prevents backdating of stock options
before SOX, companies did not have to declare option grants for weeks

SOX of 2002 Sections ⌘

Section 404 - Internal Control Attestation
the most controversial section
the controversy comes from its interpretation (see Auditing Standard No. 2 - PCAOB AS2)
AS2 was created as part of SOX
see more TODO put link here
Section 409 - Real-Time Disclosure of Material Changes
timely notification of material events
Section 806 - Whistle-Blower Protection
removes excuses for remaining silent when fraud is detected
Title VIII and Title IV - Five-Year Data Retention by Auditors and Hard Jail Time
destroying data can result in a jail term

Section 401 Requirements ⌘

  1. "Listing of off-balance-sheet (OBS) arrangements, transactions and obligations (including contingent obligations) that may have a material effect, current or future, on:
    • Financial conditions
    • Changes in financial results in operations
    • Liquidity capital expenditures
    • Capital resources
    • Significant components
    • Revenues
    • Expenses
  2. Disclosure of "the nature and business purpose of the OBS arrangements, why and how they are needed in running a business"

Section 404 ⌘

  • Internal controls include:
    • policies
    • procedures
    • training programs
    • other processes beyond financial control
  • Internal controls also include:
    • "the safeguarding of assets against unauthorized acquisition, use, or disposition"
    • companies need to document and test the adequacy of these internal process controls as well
  • SEC used COSO for understanding of internal controls
  • COSO defines internal control as a process, effected by an entity's BoD, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
    • Effectiveness and efficiency of operations
    • Reliability of financial reporting
    • Compliance with applicable laws and regulations
  • Some claim that COSO ERM framework is outdated

Section 409 Details ⌘

  • "real-time issuer disclosure... on a rapid and current basis"
  • reporting of material events which affect financial reporting
  • timely and real-time = four days
  • uses Form 8-K via EDGAR
Events requiring reporting:
  • change in control, significant acquisition or a bankruptcy
  • entry or termination of a material agreement not made in the ordinary course of business
  • termination or reduction of a business relationship with a customer that constitutes a specified amount of the revenues
  • creation of a direct or contingent financial obligation material to the company
  • events triggering a direct or contingent financial obligation material to the company (including default or acceleration of an obligation)
  • exit activities (including material write-off or restructuring)
  • any material impairment
  • change in a rating agency decision, issuance of a credit watch, or change in a company outlook
  • changing listing status (moving exchange, de-listing, etc...)
  • changes in the status of previously issued audit report
  • material limitations, restrictions or prohibitions (lockout periods, employee benefit, retirement and stock ownership plans)