Sarbanes-Oxley Act (SOX)

Regulatory & Legal
Updated Apr 2026

A 2002 US federal law requiring enhanced financial disclosures, internal controls, and auditor independence for public companies.

What is Sarbanes-Oxley?

The Sarbanes-Oxley Act of 2002 (SOX) was enacted in response to major accounting scandals at Enron, WorldCom, and Tyco. Its key provisions include Section 302, which requires CEOs and CFOs to personally certify the accuracy of financial statements, and Section 404, which requires management and external auditors to assess and report on the effectiveness of internal controls over financial reporting. SOX also established the Public Company Accounting Oversight Board (PCAOB) to regulate auditors, strengthened auditor independence rules, and increased criminal penalties for securities fraud. SOX compliance costs are significant, particularly for smaller public companies, and the Act fundamentally reshaped corporate governance and audit practices in the US.

Example

A public company's CFO must certify under Section 302 that quarterly and annual financial reports fairly present the company's financial condition and that the CFO has evaluated disclosure controls. Under Section 404, the company's auditor must separately attest that management's assessment of internal controls is fairly stated. Failures in these certifications expose executives to criminal liability, including up to 20 years imprisonment for knowingly certifying false statements.

Source: SEC — Sarbanes-Oxley Act of 2002