Panorama of the US Capitol at sunset

Twenty years later, SOX continues to drive trust in the capital markets

The Sarbanes-Oxley Act (SOX) is viewed worldwide as an effective framework for increasing the reliability of financial reporting, deterring corporate fraud and promoting audit quality.

In brief

  • The passage of SOX marked a watershed moment for financial reporting and the audit profession.
  • SOX strengthened the independence of the audit, empowered independent audit committees and upheld executive accountability for financial reporting.
  • SOX produced an enduring regulatory framework that restored investor confidence and continues to help the capital markets to thrive.

The US proudly has the deepest and most liquid public capital markets in the world, due in part to the strength of the US regulatory framework, which inspires confidence among investors – from Main Street to Wall Street. Twenty years ago, a series of financial reporting scandals severely shook this confidence. The U.S. Congress responded with the Sarbanes-Oxley Act of 2002 – known to us today as “SOX” – which aimed to strengthen investor confidence and restore trust in the capital markets.

Since its enactment, SOX has provided a robust framework for deterring corporate fraud, increasing transparency and promoting complete and accurate financial reporting in the public capital markets. Among its provisions, SOX created the Public Company Accounting Oversight Board (PCAOB or Board), thereby ending self-regulation in the audit profession; strengthened the independence of the audit; empowered independent audit committees to oversee audits and financial reporting; and strengthened executive accountability around the financial reporting process.

These mutually reinforcing elements of the Sarbanes-Oxley Act remain key pillars of financial reporting in our capital markets today, supporting investor protection, serving as a model for the world and continuing to support trust in financial reporting.

Download the full article on: SOX at 20: The enduring legacy of the Sarbanes-Oxley Act

PDF (1 MB)

At Ernst & Young LLP, we recognize the ground-breaking and enduring impact of SOX and acknowledge that maintaining investor confidence in financial reporting requires relentless work and attention. We are committed to serving the public interest and fully engaging with our stakeholders to build on the foundation SOX established to fulfill the goals of the legislation, which are even more relevant and vital today.

Main Hall of the Library of Congress ceiling, Washington, DC
1

Chapter 1

SOX enhances executive accountability for financial reporting

The Sarbanes-Oxley Act places explicit accountability for the quality and accuracy of a company’s financial statements on its CEO and CFO.

SOX emphasized the importance of internal control over financial reporting (ICFR), which helps ensure that the financial statements are put together using accurate and complete information. While public companies have long been required to maintain effective systems of internal control pursuant to the Foreign Corrupt Practices Act of 1977, SOX requires them to annually evaluate their financial internal controls and to publicly disclose the results of that assessment.

SOX mandates that for each quarterly and annual report, a company’s CEO and CFO certify that they have reviewed their report, that based on their knowledge the financial information included in the report is fairly presented, that based on their knowledge the report does not contain any untrue statement of material fact or omit a material fact that would make the financial statements misleading, that they acknowledge their responsibility for establishing and maintaining ICFR as well as disclosure controls and procedures, and that they have evaluated the effectiveness of these disclosure controls and procedures and disclosed any material changes in the company’s ICFR.

These requirements emphasize top executives’ accountability for their companies’ financial statements and related controls, and mandate stiff penalties for non-compliance.

Office building top view background in retro style colors. Manhattan buildings of New York City center - Wall street
2

Chapter 2

SOX encourages greater oversight of the audit

SOX created an independent body to oversee the audit profession and requires each company’s audit committee to oversee its external audit.

The PCAOB, established under SOX, is an independent regulator of auditors of public companies and broker-dealers. The agency has inspection, enforcement and standard-setting authority. Establishment of the PCAOB ended more than 100 years of self-regulation by the public company audit profession.

SOX requires listed companies to have independent audit committees that are directly responsible for the appointment, compensation and oversight of the work of the external auditor. Oversight responsibilities under the act include monitoring the auditor’s independence and resolving any differences between the auditor and management regarding financial reporting. Audit committee members must be independent of management and the company, and audit committees must disclose whether they have a financial expert among their members, and if not, why not.

Golden Wall Street in building
3

Chapter 3

Auditor independence underpins investor confidence in the capital markets

Capital market stakeholders rely on accurate financial reporting. SOX put tools in place to achieve auditor independence and objectivity.

Audit quality

EY is committed to serving the public interest by performing high-quality audits that promote trust and confidence in the capital markets.

Read more

SOX granted responsibility for setting public company auditor independence rules to the PCAOB, augmenting the existing authority of the U.S. Securities and Exchange Commission (SEC).¹ It also codified into federal law further limits on the types of non-audit services that audit firms can provide to the public companies they are auditing. SOX also made independent audit committees,² rather than company executives, responsible for the appointment, compensation and oversight of the auditor.

Another way that SOX helps protect auditor independence and objectivity is by requiring the mandatory rotation of certain key partners involved in audits every five years. This is intended to limit overfamiliarity with a company and management. Prior to the enactment of SOX, professional standards required the lead engagement partner to rotate every seven years.

columns of historic building
4

Chapter 4

The provisions of SOX continue to enhance audit quality

The accountability and oversight put in place by the SOX framework drive a continued commitment to audit quality.

The PCAOB promotes high-quality audits by conducting periodic inspections of its registered audit firms. These inspections provide an independent review of audit quality and highlight opportunities for audit firms to make improvements, both at the individual audit engagement level and with respect to a firm’s system of quality control.

Each listed company has an independent audit committee overseeing the audit to provide oversight in years when the PCAOB may not examine a specific audit engagement through its inspection program. SOX also required the SEC to pass rules mandating that exchanges establish listing rules to encourage audit committees to have at least one member who is a “financial expert”³ who can serve as a resource to help the audit committee carry out its duties.

United States Department of Commerce, Washington DC
5

Chapter 5

SOX was established to protect investors

One of the foundational aims of the legislation was to protect the public by making sure reporting is accurate and reliable.

EY Center for Board Matters

We support board members in their oversight role by helping them address complex boardroom issues.

Read more

SOX gave the PCAOB the authority to investigate potential violations of auditing standards and rules in addition to the SEC’s existing authority. The PCAOB’s enforcement staff investigates and sanctions individual auditors and audit firms for violations of laws, regulations and professional standards. This PCAOB authority supplements the already robust authority that the SEC has to enforce all securities laws and regulations, including with respect to auditors and financial reporting. 

SOX also created key protections for whistleblowers who report suspected fraud with respect to a public company’s financial reporting. SOX also required public company audit committees to establish procedures for receiving whistleblower complaints and to make sure that they are addressed confidentially and anonymously. The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 expanded the incentives for whistleblowers to report wrongdoings and directed the SEC to create a whistleblower program, which led to the establishment of the SEC’s Office of the Whistleblower in 2011.  Since the inception of this program, through May 2022,   the SEC has awarded approximately US$1.3 billion to 273 individuals who have helped bring wrongdoing to light.


Summary

The mechanisms put into place through SOX to support independent audits, strong financial reporting and accountability – including independent audit oversight and internal control over financial reporting – have been recognized by audit professionals, executives, investors and regulators around the world. Although the US financial markets have continuously evolved over the past 20 years, the enduring regulatory framework that came out of SOX continues to bolster investor confidence in the capital markets.

Related articles

Teaming to fight fraud and build healthy capital markets

Nearly two decades after its passage, SOX is recognized for its effectiveness in promoting trusted financial reporting and high levels of audit quality.

19 Aug 2021 John King

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.