Simplifying the Core Sections of the Sarbanes-Oxley Act

• Date: May 24, 2010
• Source: Admin

Section 101

With an intention of overseeing and regulating audits of public companies, Sarbanes–Oxley created an exclusive quasi-public institution, the Public Company Accounting Oversight Board (PCAOB). In section 101, SOX has established the PCAOB as a governing agency with the authority to create auditing standards and rules for public companies. As per the SOX Act, rules that are issued by the PCAOB and approved by the SEC will become the Auditing Standards.

Section 302

This section of SOX deals with 'Corporate Responsibility for Financial Reports'. In this section, a great deal of responsibilities has been assigned to the CEOs and CFOs of the company. As per the SOX Act, responsibilities of the CEOs and CFOs range from internal controls, quarterly report to preparing financial statement.

In section 302, role of the external auditor over financial reporting has also been described. It states that the external auditor has to assess internal controls to decide whether any modifications are to be done. This section indicates certifications that are meant to be present in the Periodic statutory financial reports:
 

• The reports have to be reviewed by the signing officers
• The report should not contain any untrue or misleading statements
• The report should contain a list of all deficiencies in the internal controls and information on any fraud that involves employees who are involved with internal activities
• Significant changes in internal controls that can have a negative impact on the internal controls are to be mentioned in the report

As mentioned in the Act, organizations should not neglect these requirements by reincorporating their activities or transferring their activities outside the United States.

Section 404

This section is listed under Title IV of the act (Enhanced Financial Disclosures), and deals with ‘Management Assessment of Internal Controls'. Under this section, the CEO and CFO are assigned with the task of ensuing that internal controls are in place, documented, and effective. More specifically, the Act requires all public companies to create measures to evaluate design & effectiveness of internal controls and also to find out material weaknesses disclose acts of fraud. In short, 404 requires -  
 

1. Management to become responsible for upholding enough internal control over financial reporting.
2. The independent auditor must attest to and report on management's assessment of the company's internal control over financial reporting.

Management assessment contains four parts. The first three parts cover the following:
 

• Responsibility of management for the existence and rigidity of internal controls
• Evaluation of the effectiveness of internal controls
• Statement of the framework used to evaluate the effectiveness of controls
• External auditor. As per the Act requirement, company’s external auditor must individually and separately attest that management’s statement regarding the effectiveness of internal controls.

Section 409

This section is listed within Title IV of the act (Enhanced Financial Disclosures), and named as 'Real Time Issuer Disclosures'.

According to the section, CEOs and CFOs are responsible to ensure “rapid and current public disclosure” of any material event that could affect the company’s financial or operational performance. These disclosures are to be presented in ways that are easily understandable. Taking support of trend and qualitative information of appropriate graphic presentations are also acceptable.

Section 906

This section is divided in three parts.

First, every periodic financial report must be certified and accompanied by a written statement of the CEO and CFO.

Second, content of the report should fairly represent the financial condition of the company.

The third and last section speaks of fines and imprisonment penalties for submitting a false statement, either knowingly or unknowingly. It also sets criminal penalties for failure of corporate officers to certify the financial reports in a timely manner-60 days after end of year in 2004, 45 days after end of year in 2005, and 30 days after end of year in 2006.

A vivid and clear understanding of all these sections certainly will help the management of a company and auditors to comply with this act in a more efficient and less time consuming way.