The Sarbanes-Oxley Act of 2002 was signed into US law on July 30, 2002, in response to corporate accounting and financial reporting scandals such as Enron, WorldCom, Adelphia, Global Crossings and a host of others.
At one stroke, the US Congress greatly expanded the responsibilities of audit committees of corporate boards of directors; prohibited international accounting firms from providing a vast array of management consulting and other professional services to any of their audit clients registered on US exchanges; mandated sweeping new certification requirements for directors and officers of US registrant corporations; obligated public accounting firms to attest to some of these new representations; and provided, some would say, draconian criminal and civil penalties and sanctions for companies and their officers that violate US securities laws and regulations.
According its preamble, the Act was legislated "to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes." One of these "other purposes" is to extend the reach of US law, and the regulatory authority of the US Securities and Exchange Commission (SEC) to foreign corporations registered on US stock exchanges. European corporations, their directors and officers, and their independent auditors and legal advisors would be wise to understand, and prepare for, the New World of Sarbanes-Oxley.
As stated in the introduction to the US Senate Committee Report on Sarbanes-Oxley, the Act's purpose is: "A bill to improve quality and transparency in financial reporting and independent audits and accounting services for public companies, to create a Public Company Accounting Oversight Board, to enhance the standard-setting process for accounting practices, to strengthen the independence of firms that audit public companies, to increase corporate responsibility and the usefulness of corporate financial disclosure, to protect the objectivity and independence of securities analysts, to improve Securities and Exchange Commission resources and oversight."
Sarbanes-Oxley accomplishes its purpose by the following statutory actions:
* Establishment of the new Public Companies Accounting Oversight Board (PCAOB), under ultimate oversight of the SEC, with authority over registered public accounting firms (whether domestic or foreign) regarding:
** Auditing and audit standards, audit quality control, and auditor independence standards and rules;
** Inspections of accounting firms registered with the Board; and,
** Investigations and disciplinary proceedings.
* Authorisation, effectively, of the Financial Accounting Standards Board (FASB), again under the ultimate oversight of the SEC, to promulgate and define US generally accepted accounting principles (GAAP).
** Legislative proscription of certain non-audit professional services heretofore provided to audit clients by accounting firms.
** Provision for a study of mandatory rotation of registered public accounting firms (that could lead to future legislation mandating that companies rotate their independent auditors after a specified time period).
** Establishment of mandates, for directors and officers, regarding 'corporate responsibility' certifications and assessments, in connection with each and every quarterly or annual financial report, including:
** Representations by the company's chief executive officer(s) and chief financial officer(s), i.e., financial director(s) that they have reviewed the quarterly and annual reports;
** Certification, based on the knowledge of these officers, that such financial reports contain "no untrue statement or omissions of material facts";
** Assertions by these officers that they are responsible for the company's system of internal control;
** Certification, based on evaluations made within 90 days of the respective financial reports, that such internal controls are adequate and effective; and,
** Certification that these officers have disclosed, both to the company's audit committee of the board of directors and to the company's independent auditors: any significant deficiencies in controls, and all instances of possible fraud (whether or not material) involving management or any employees with significant control responsibilities. …