Objectives
By the end of this module, you should be able to:
· Identify high-level requirements of key sections (302, 404, 409, and 906) of the Sarbanes-Oxley Act (SOX)
· Identify the role of the Securities and Exchange Commission (SEC), and
· Identify the role of the Public Company Accounting Oversight Board (PCAOB)
Welcome to the Introduction to the Sarbanes-Oxley Act of 2002 training module.
Hello, my name is Tina, and I’ll be your host for this training.
During this course, we will learn about the origin and the purpose of the Sarbanes-Oxley Act of 2002 and the main requirements of the legislation, review its key sections, and describe the roles of both the Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB).
Overview of the Act
The Sarbanes-Oxley Act of 2002 (hereafter referred to as “the Act”) is a combination of bills drafted by Senator Paul Sarbanes and Congressman Michael Oxley. On July 30, 2002, President Bush signed the Act into law during a public ceremony held in the White House.
The Act has been described as the most dramatic change to federal securities laws in recent history, as it radically redesigned the federal regulation of the corporate governance and reporting obligations for public companies. It also significantly tightened accountability standards for directors and officers, auditors, securities analysts and legal counsel.
The Act is a result of the accounting scandals that began with the collapse of Enron, a Houston-based energy trading company, and the ensuing indictments by the Department of Justice of Arthur Andersen, LLP, one of the Big 5 public accounting firms. Many large corporations and public accounting firms have since been involved in similar scandals: financial misstatements resulting from such issues as revenue recognition matters, capitalization of period items that should have been expensed, and the treatment of complicated off-balance sheet arrangements that may or may not have had legitimate business purposes.
At the time the legislation was enacted, hundreds of companies had restated their earnings over the last few years, and those restatements added up to more than all of the misstatements that occurred during the previous two decades. The Sarbanes-Oxley legislation is thus intended to protect investors by improving the accuracy and reliability of corporate disclosures.
The Act imposes heavy penalties, including fines and jail sentences, for executives associated with corporate business fraud. It applies tough legislative measures, including a required quarterly executive certification of financial statements and disclosure controls and procedures for all publicly traded companies in the U.S. The requirements also stipulate an oversight structure, the Public Company Accounting Oversight Board (PCAOB), which is the governing body over the external auditors.
There are many requirements of this Act, and we have organized them into six broad groups. The Act:
1. Expands reporting requirements and accountabilities for public companies
2. Expressly prohibits certain actions
3. Empowers audit committees with expanded responsibilities
4. Substantially increases the penalties for officers and directors committing a crime
5. Creates oversight for external auditors, and
6. Increases SEC oversight activity.
In the next few sections we will discuss each of these six groups separately.
But first, we will review what we have learned so far. Now, let’s check our comprehension of the material we have covered with a review question.
Now, let’s discuss the six broad groups of requirements.
First, the Act expands reporting requirements and accountabilities for public companies by requiring the following:
· CEO and CFO attestations to all SEC registrants, which are subject to civil and criminal penalties
· An internal control report to be filed with the annual report
· Real time disclosures of material changes in financial condition or operations
· Disclosure as to whether registrants have established a Code of Ethics or an explanation of why they have not
· Immediate disclosure of waivers from the established Code of Ethics
Second, the Act expressly prohibits certain actions, such as:
· Actions to fraudulently mislead auditors for the purpose of making financial statements materially misleading
· Loans to directors and executive officers (with certain “Grandfather” provisions)
· Insider trades during pension fund blackout periods of more than three consecutive business days when at least 50% of the company’s employees are not allowed to trade the company’s securities in their Individual Retirement Accounts
· Performance of certain non-audit services by external auditors
· Hiring employees from the external auditor who were involved in any capacity in the audit, until after a one-year “cooling off” period
Third, like the Exchanges, the Act empowers audit committees with expanded responsibilities and requires the following:
· All members of the audit committee are required to be independent
· Audit committees are directly responsible for the selection, retention, compensation and oversight of independent auditors
· The committee is required to pre-approve audit and non-audit services by the external auditor
External auditors are required to report certain information to the audit committee relating to, for example:
· Critical accounting policies and practices
· Alternatives discussed with management
· The treatment preferred by the auditor
· Other “material” written communications delivered to management, such as the management letter.
· The audit committee’s financial expertise must be disclosed
· Audit committees must also establish procedures for hearing complaints about financial reporting and conduct executive sessions with auditors without management presence
Fourth, the Act substantially increases the penalties for officers and directors committing crimes, such as tampering with a record and impeding investigations, destroying audit records or committing securities fraud.
The Act does this by requiring the following:
· The U.S. Sentencing Commission to revise federal sentencing guidelines to adequately reflect the serious nature of corporate fraud and obstruction of justice
· An antifraud provision, which broadens the basis for criminal prosecution of securities fraud and increases the potential penalties
· Increased authority of regulators and prosecutors to deal in a more aggressive and timely manner with officer and director misconduct
· Executives being required to forfeit bonus or other incentive-based compensation received or profits realized from the sale of company securities during the 12-month period following the issuance of financial statements that are subsequently restated
· Protection of corporate whistleblowers from retaliatory acts
All of the criminal provisions of the Act became effective on July 30, 2002.
Fifth, the Act increased oversight for external auditors by:
· Creating an oversight body called the Public Company Accounting Oversight Board (PCAOB)
· Mandating external audit partner rotation (every five years)
· Requiring the PCAOB to study the need for external audit firm rotation
Finally, the Act increases SEC oversight activity by:
· Increasing the frequency of review of corporate filings
· Requiring the SEC to set standards for rapid and current disclosure requirements, pro forma presentation rules, professional conduct for attorneys and other matters
· Extending the SEC order requiring CEO and CFO certifications (which the Commission had issued prior to enactment of the Act) to all public companies and expanding the certification requirements
· Increasing the penalties for filing an incorrect certification to constitute a felony
There are many pieces of the puzzle completed through the enactment of the Act. Four pieces of the puzzle comprise the financial reporting aspects of the Act. We will now discuss these provisions of the legislation.
Section 302
This section requires a Certification by the Principal Executive and Financial Officers every quarter:
· Requires the principal executive officer or officers and the principal financial officer or officers, or persons performing similar functions to certify annual and quarterly reports to the SEC; in practice, these individuals have generally been the CEO and the CFO
· Requires various representations by certifying officers, similar to Section 906, plus additional representations related to disclosure controls and procedures, internal control over financial reporting, and certain instances of fraud
Section 404
This section requires an annual Management Assessment of Internal Control over Financial Reporting:
· Directs the SEC to issue rules requiring that annual reports filed with the Commission shall state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and contain an assessment of the effectiveness of such internal controls
· Requires the performance of an annual assessment of the effectiveness of internal control over financial reporting and a related attestation from the external auditor
· Requires auditors to provide internal-control-related services to the audit client only when the engagement is specifically pre-approved by the audit committee
According to the SEC’s final rules on Sarbanes-Oxley, a domestic Accelerated filer (that is, a company with revenues of $75 million or more) is required to comply with all of the requirements of Section 404, including Section 404(a) (management’s assertion on the effectiveness of internal control over financial reporting) and Section 404(b) (the auditor attestation of internal control over financial reporting). A domestic, Non-Accelerated filer (less than $75 million in revenues) must only comply with Section 404(a) of the Act and provide an internal control report but is exempt from Section 404(b). Thus, Non-Accelerated filers have no requirement to provide an auditor’s attestation report on internal control over financial reporting in the annual report.
A foreign private issuer that files its annual report on Form 20-F or Form 40-F and is an Accelerated filer must also comply with all of the requirements of Section 404, including Section 404(a) and Section 404(b). A foreign private issuer that files its annual report on Form 20-F or Form 40-F and is a Non-Accelerated filer must only comply with Section 404(a) of the Act but is exempt from Section 404(b). Thus, there is no requirement to provide an auditor’s attestation report on internal control over financial reporting in the annual report.
Registered investment companies are required to comply with Section 404.
Newly public companies that are Accelerated filers have until the filing of their second annual report to comply with both Section 404(a), management’s assertion on the effectiveness of internal control over financial reporting, and Section 404(b), the auditor attestation of internal control over financial reporting. Newly public companies that are non-accelerated filers have until the filing of their second annual report to comply with Section 404(a) but are exempt from Section 404(b).
Finally, the Jumpstart Our Business Startups Act of 2012 creates a new category of reporting companies – “emerging growth companies” (EGCs), defined as companies that post revenue of less than $1 billion in their most recently completed year – that are no longer subject to SEC regulations previously required of newly public companies. EGCs have a reprieve (of up to 5 years in length) from a number of rules and requirements, including but not limited to Section 404(b) of the Sarbanes-Oxley Act (auditor attestation of internal control over financial reporting). How long a company can retain its EGC status is influenced by a number of factors.
Section 409
This section of the Act focuses on Real Time Issuer Disclosures:
· Requires each issuer to give rapid and current disclosure in plain English regarding material changes in the financial condition or operations of the issuer.
Section 906
Immediately effective upon enactment of the legislation, this section is the Requirement for Certification by Principal Executive and Financial Officers:
· Requires periodic reports containing financial information to comply with the Exchange Act and fairly present financial condition and results of operations
· Requires that each periodic financial report to the SEC be accompanied by a written statement that is signed by the CEO and the CFO of the issuer certifying that the periodic report containing the financial statements fully complies with securities laws
· Requires that penalties for certifying a misleading or fraudulent report be a fine up to $1 million, or imprisonment up to 10 years, or both; and that penalties for willfully certifying a misleading or fraudulent report be a fine up to $5 million, or imprisonment up to 20 years, or both
Now we will discuss the Securities and Exchange Commission (SEC) and how it relates to the Sarbanes-Oxley Act and functions as the regulatory agency empowered to make rules around the Act’s specific provisions.
SOX and the SEC
The SEC is responsible for implementing the majority of the provisions of the Sarbanes-Oxley Act by writing and adopting rules.
The SEC writes and releases rules related to the Sarbanes-Oxley Act. At the time the Act was passed, the Commission planned to adopt rules according to a specific timetable, as articulated in the legislation, in order to give fair notice to parties subject to the rules. Whenever issuing new rules, the SEC is required by law to expose rule proposals; to accept and consider comments and objections to these proposals; and finally to explain why comments and objections are either accepted or rejected. In June of 2007, the SEC published its long-awaited interpretive guidance for management regarding a company’s evaluation and assessment of internal control over financial reporting (ICFR).
The SEC also adopted several amendments to:
· Make it clear that an evaluation that complies with the Commission's interpretive guidance would satisfy the annual management evaluation required by those rules,
· Require the expression of a single opinion directly on the effectiveness of ICFR by the auditor in the attestation report, and
· Modify the definition of the term, “material weakness.”
In some cases, the comments and objections help the SEC tailor the proposed rules to make them workable both in the U.S. and abroad.
Role of the PCAOB
In addition, the Sarbanes-Oxley Act created yet another organization over which the SEC provides oversight, the PCAOB.
The SEC established the Public Company Accounting Oversight Board (PCAOB) as directed by Section 105(a) of the Sarbanes-Oxley Act of 2002. The PCAOB's role is to ensure, by rule, that public company financial statements are audited according to the highest standards of quality, independence, and ethics.
The PCAOB differs from the Financial Accounting Standards Board (FASB) in that the FASB’s main objective is to establish and improve standards of financial accounting and reporting for the guidance and education of the public, including issuers, auditors, and users of financial information. The SEC will continue to recognize pronouncements of the FASB as being generally accepted for the purposes of filings with the Commission. The FASB still operates in the private sector. The PCAOB, on the other hand, is a regulator established through legislation.
Prior to establishment of the PCAOB, the American Institute of Certified Public Accountants (AICPA) was, and continues to be, the national, professional organization for all Certified Public Accountants. The AICPA’s objective is to provide members with the resources, information, and leadership that enable them to provide valuable services in the highest professional manner to benefit the public as well as employers and clients. In the past, the Auditing Standards Board (ASB), formed through the AICPA, issued auditing standards comprising generally accepted auditing standards (GAAS). Since its formation, the PCAOB has taken over the ASB’s authority as the sole standards-setter of GAAS.
The PCAOB’s responsibilities include:
· Overseeing the audits of public companies that are subject to the U.S. Federal securities laws
· Registering public accounting firms
· Establishing auditing, quality control, ethics, independence and other standards relating to public company audits
· Conducting inspections, investigations and disciplinary proceedings of registered accounting firms
· Enforcing compliance with the Act
Like the SEC, the PCAOB is required to expose its proposed standards and rules for public comment.
The SEC oversees the operations of the PCAOB. The SEC has the authority to appoint or remove members of the PCAOB, to approve its budget and rules, and to entertain appeals of adverse PCAOB inspection reports and disciplinary actions. The SEC also approves standards released by the PCAOB, and sometimes may expose the Board’s proposed standards for further public comment.
Additional Comments Regarding the Role of the PCAOB
On April 25, 2003, the Securities and Exchange Commission and the Public Company Accounting Oversight Board jointly announced that the PCAOB is appropriately organized and has the capacity to carry out the requirements of the Sarbanes-Oxley Act of 2002.
The SEC’s announcement and approval is a formality required to fulfill both a congressional order and Section 101 of the Act. It ratifies the way in which the PCAOB has organized itself and the Board’s plans to begin registering and regulating accountants who audit the books of public corporations listed on U.S. exchanges.
The PCAOB consists of five members, appointed because of their “demonstrated commitment to the interests of investors and the public” and their sound understanding of the laws and obligations of financial reporting. The members serve five-year terms on the Board, with a two-term limit. Their service is on a full-time basis, which means they cannot have any other concurrent employment “or engage in any other professional or business activity.” At all times, two members must be CPAs.
On April 16, 2003, the PCAOB voted unanimously to take control of the auditing standards-setting process, effectively ending more than six decades of self-regulation of the accounting profession. Thus the Auditing Standards Board of the AICPA no longer has a role in the standards-setting process.
Three other significant acts by the PCAOB since its inception have been (1) the acceptance of prior standards issued by the now-defunct Auditing Standards Board, pending further review and notice by the PCAOB, (2) the issuance of Auditing Standard No. 2 in 2004, “An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements,” and (3) the adoption of an updated standard, Auditing Standard No. 5, “An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements” in May of 2007.