Lessons Learned from Section 404 of the Sarbanes-Oxley Act

By Ho, Shih-Jen Kathy; Oddo, Alfonso R. | The CPA Journal, June 2007 | Go to article overview
Save to active project

Lessons Learned from Section 404 of the Sarbanes-Oxley Act

Ho, Shih-Jen Kathy, Oddo, Alfonso R., The CPA Journal

A Conversation with Compliance Officers

Corporate accounting scandals in the past decade, such as Enron and WorldCom, led the U.S. Congress to pass the landmark legislation the Public Company Accounting Reform and Investor Protection Act of 2002, commonly known as the Sarbanes-Oxley Act (SOX). To make management accountable for accurate financial statements, section 404 of SOX requires an annual evaluation and report by management on the effectiveness of internal controls and procedures for financial reporting, as well as a report by the independent auditor attesting to management's assertion. Management must include a statement in its annual internal control report that it is management's responsibility for establishing and maintaining adequate internal controls and procedures for financial reporting. Both the public company and individual managers may be subject to significant criminal and civil penalties for noncompliance with SOX. The effective date for accelerated filers was November 15, 2004, and for nonaccelerated filers the date has been extended to July 15, 2007.

This article examines compliance with SOX section 404 from management's perspective. The authors interviewed compliance officers from two U.S. Fortune 500 companies, referred to as LMN and UVX for the sake of confidentiality. The authors are very grateful to the compliance officers who participated in this study. These individuals were the managers of the SOX compliance project at their respective companies and have been involved in compliance since 2002. Each presented his or her company's experience in implementing SOX section 404, at a summer conference in 2005. Two separate follow-up interviews were conducted, in December 2005 and in January 2006. The interviewing style incorporated a hybrid of the focused interview, using specific questions, and the in-depth interview, permitting the interviewee to direct the interview. The interviewees were asked to describe the project, the implementation steps, facilitating factors, major challenges, key benefits, training provided, unresolved issues, and their experiences of implementation. Most important, as early adopters, the interviewees were asked to share the lessons they learned.

Compliance Cost and Resources

LMN: The company has roughly 50,000 employees globally, with annual sales of $14 billion. In terms of SOX compliance, approximately 50 people globally were involved in the project. Outside consultants were also engaged from two other Big Four accounting firms in addition to LMN's external auditor. The total compliance cost in 2004 was $18.1 million, of which $7.1 million was paid to the external auditor for its work related to SOX. LMN had a loss in 2004.

UVX: UVX has annual sales of $25 billion. The company spent well over $20 million in the implementation phase of SOX and, like most companies, its audit fees went up during that time period as well. UVX also hired consultants, independent contractors, and some smaller regional accounting firms to work directly on areas needing cleanup. Additional Big Four accounting firms were used as consultants in specific areas to assist with the initial review period. These consultants were engaged for about one year, after which the work was integrated into staff responsibilities, with some minimal hiring, mostly at the clerical level.


The implementation of the compliance project was very similar for the two companies interviewed. Both used the Committee of Sponsoring Organizations (COSO) model in looking at risk and internal control, and began with an interpretation phase of figuring out what the law meant. (See David R. Campbell, Mary Campbell, and Gary W. Adams, "Adding Significant Value with Internal Controls," The CPA Journal, June 2006.) Part of the problem at this step was that the law itself was not quite established. About midway through 2004, the companies began to really understand what compliance meant.

The rest of this article is only available to active members of Questia

Sign up now for a free, 1-day trial and receive full access to:

  • Questia's entire collection
  • Automatic bibliography creation
  • More helpful research tools like notes, citations, and highlights
  • Ad-free environment

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
Loading One moment ...
Project items
Cite this article

Cited article

Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

Cited article

Lessons Learned from Section 404 of the Sarbanes-Oxley Act


Text size Smaller Larger
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

While we understand printed pages are helpful to our users, this limitation is necessary to help protect our publishers' copyrighted material and prevent its unlawful distribution. We are sorry for any inconvenience.
Full screen

matching results for page

Cited passage

Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

Cited passage

Welcome to the new Questia Reader

The Questia Reader has been updated to provide you with an even better online reading experience.  It is now 100% Responsive, which means you can read our books and articles on any sized device you wish.  All of your favorite tools like notes, highlights, and citations are still here, but the way you select text has been updated to be easier to use, especially on touchscreen devices.  Here's how:

1. Click or tap the first word you want to select.
2. Click or tap the last word you want to select.

OK, got it!

Thanks for trying Questia!

Please continue trying out our research tools, but please note, full functionality is available only to our active members.

Your work will be lost once you leave this Web page.

For full access in an ad-free environment, sign up now for a FREE, 1-day trial.

Already a member? Log in now.

Are you sure you want to delete this highlight?