Investigating the new legislation designed to improve governance

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

The advent of the second millennium was predicted by some scientist as going to be very chaotic with computers ceasing to work, planes dropping from the skies, nuclear bombs going off accidentally etc. Some predictions were apocalyptic. This era was marked with boom in world trade as well. There was the dot-com bubble and growth in the stock markets around the world. However, by the end of 2001, there were massive corporate failures and accounting scandals and burst in the boom in America with global impact (Moeller, R 2004). The period witnessed the collapse of Enron, and other major companies in the telecommunications industry ( see Appendix 1)(Aronson, N 2002-2003) (Coats, JIV 2007). According to (Moeller, R 2004) Enron a large American corporation that had the attention of investors, operated off balance sheet (OBS) entities to hide its debts and to give false financial reporting to investors. When the company was forced to consolidate its OBS entities into its financial statements, the figures suddenly looked very bad and the company was forced to declare bankruptcy in 2002. The Auditors of Enron, Arthur Anderson were implicated in the firm's collapse because they served as the external and internal auditors simultaneously. In the end, Arthur Anderson was found guilty of criminally obstructing justice (shredding audit working papers at Enron) and thus ended the 90-year run of the audit firm. Worldcom, a major US public telecoms corporation as well reported inflated profits by at least $9 billion for the previous 3 years to 2002. The company declared bankruptcy soon after the disclosure.

It can be inferred that the corporations in the above situation were not telling the truth to investors and the sudden collapse of those companies came unexpectedly to America. Though the apocalyptic predictions of the millennium did not come true, corporate events at the beginning of the millennium were a cause for concern.

The corporate failures and the accounting scandals prompted US legislators to ask "where were the watchdogs"? The watchdogs being the auditors, boards of corporations, financial authorities etc. The scale and the sudden collapse of some large American corporations that affected world economy called for new legislation, supervision and controls to prevent future corporate failures and accounting scandals. (Moeller R 2004)

Sarbanes-Oxley is born in the United States.

While the onslaught of the US scandals hitting the giants like Enron and Arthur Anderson was on, the United States Congress passed the Corporate Accounting Practices Act, also known as the Sarbanes Oxley Act (SOA)- deriving its name from the legislators who sponsored the Act. According to (Lansing, P and Grgurich C, 2004) the Act was to restore investor confidence in public corporate America through accurate and reliable accounting information reported to investors with a 2 prong approach consisting of internal and external monitoring procedures with heavy penalties to corporate executives for non compliance to the Act.

SOA affected public US corporations that traded on American stock exchanges. However, non US resident companies and subsidiaries that traded on the US stock exchange were affected by the provisions of SOA. The Act did not distinguish between large and small companies, nor foreign based and US based companies. (Lansing, P and Grgierich C 2004). The Act was thus meant for all those connected to public listed companies that were registered with securities and exchange commission (SEC).

Thus 2002 saw the new regime of legislation to address the corporate failures of 2001-2002 in America.

Overview of Sarbanes Oxley Act 2002

Sarbanes Oxley Act (SOA) is divided into 11 sections. While all the sections of the Act are important, for the purposes of this assignment, only significant sections that have impact on internal controls on financial reporting are mentioned as below:

Section 201: Services outside the scope of practice of external Auditors:

Prohibited activities include bookkeeping and related accounting services, financial information systems design and implementation, appraisal and valuation services, actuarial services, internal audit outsourcing, management functions, broker and dealer services and legal services.

Section 302 Corporate responsibility for financial reports.

This section requires CEOs and CFOs of public companies issuing financial reports to certify that the financial statements contain neither material untrue statements nor omit material facts.

Penalty for violation of section is up to 20 years imprisonment and $5 million in fines.

Section 401 Disclosures in periodic reports

This section requires financial statements that clearly reflect the economic reality of business events

Section 409 Real time issuer disclosures

This section requires rapid and immediate disclosures of information regarding material changes in financial conditions.

Section 404. Management assessment of internal controls.

Section 404 is a significant chapter of the Act. This sections deals with reporting on internal controls that must be included in annual financial report. Section 404 also requires management assertion and external auditor attestation on internal control effectiveness

Effect of Legislation on Internal controls

SOA has had a significant impact on the internal controls of Companies listed on US stock exchanges. The implementation of the COSO report in the US in achieving section 404 of SOA addresses the issues of internal control.

Internal control is defined in the COSO report as "a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

Effectiveness and efficiency of operations

Reliability of financial reporting

Compliance with existing laws and regulations"

Internal control is therefore the whole system of procedures and policies established by management to achieve its goals. Section 404 of SOA has significantly affected the manner internal controls are addressed and implemented.

Through internal controls, SOA has impacted on firms' transaction cycle. Transaction cycle may be defined as "the repetitive flow of the activities of an ongoing enterprise described in terms of 3 major transaction cycles as follows; Income (Revenue) cycle, Expenditure (Buying) cycle, and Production cycle" (Hall J 2007)

Income (revenue) and Expenditure (buying) cycles.

According to (Hall, J. 2007), expenditure cycle; that includes purchases, cash disbursements and payroll occurs when a business incurs expenditure in exchange for goods and services, and Income cycle, including sales, shipping, receivables (debtors) arises where the organisation receives revenue from outside sources. These cycles exist in all types of businesses-both profit seeking and not-for-profit. Thus these transaction cycles existed in all the failed American companies.

Transaction cycle and internal control

In considering internal controls for transaction cycles, certain control activities must be put in place by the organisation to achieve the efficient transaction processing. The control activities include:

Authorisation - ensuring that only valid transaction are processed. Such transaction must be sanctioned by the company.

Segregation - Transaction processing is broken down, that no single individual or department is able to initiate and complete a transaction in its entirety.

Supervision - checking the work of other people.

Access control - providing security for company records and assets.

Accounting records - this covers documentation used and the availability of audit trail.

Independent verification - checking and cross-checking records at various points to ensure the accuracy and completeness of records processed.

ENRON and transaction cycle

Section 201- This section has banned the auditors from taking certain tasks and consultancy work from clients. This prohibition attempts to promote auditor independence. Thus, if this ban had previously been in place at Enron, its external auditors would not have taken the role of internal auditors, reflecting issues of potential loss of auditor independence. This section would have mitigated against the collapse of Enron. While the loss of auditor independence may be inferred from the Enron case, there were auditors who had taken up clients' internal audit function but still maintained auditor independence.

Section 203 stipulates the rotation of the reporting audit partner. This as well goes to promote auditor independence.

Section 302 Corporate responsibility for financial reports- requires corporate executives to certify and accept financial responsibility for the financial statements. Heavy penalty goes with the infringement of this section. According to (Millar, J and Yeager, F 2007), the CEO and CFO are required to sign a report indicating that they are responsible for the financial report and that it does not contain material mistakes. They argue that with such responsibility and the penalties in place, SOA section 302 would have mitigated against the fraudulent reporting that caused the collapse of Enron and others. While SOA has brought in a regime of harsh penalties for infringement on Section 302, company fraudulent financial reporting and failures continue to happen in America eg Lehman Brothers Holding, AIG ( Wall Street Journal 2008) Fannie Mae and Freddie Mac.

Section 401 requires financial statements that clearly reflect the economic reality of business events. Section 401 as well requires the listing of OBS arrangements that may affect significantly the financial position of a listed company. Enron used a number of off balance sheet (OBS) schemes to report favourable financial statements. Thus, section 401 could have forced Enron to consolidate and disclose it OBS arrangements. The company's financial position may not have been that favourable to investors.

In addition, Enron used a number of advanced billing schemes to report its revenues. Subsequent information has revealed that not all the reported incomes were real.

(Millar, J and Yeager, F 2007) argue further that under Section 404, the CEO and the CFO of the company are required to sign a report within the annual report that, to the best of their knowledge, the internal controls of the company have been tested and are effective. This requirement means that processes have been documented and tested. If the tasks here are undertaken, the weaknesses in the transaction processes will be identified and addressed. According to (John C. Coates IV 2007) the disclosures themselves give the managers the incentive to fix the weaknesses. For example, Worldcom was a major telecoms company that undertook the wrong classification of expenses as assets to improve its revenue levels. However the mistakes were allowed to stand for a considerable time (Millar, J and Yeager, F 2007).

Tyco, Adelphi and transaction cycle

Section 402 Enhanced conflict of interest, prohibits personal loans to executives.

The directors Tyco corporation gave substantial loans to its directors that were not repaid. Company loans to executives and directors are forbidden under SOX.

Section 402 has thus strengthened the regulation on executive loans and could have mitigated granting of loans to executives, leading to collapse. The penalties for default may ensure the objectives of Section 402 will be

While executives are barred from taking direct company loans, they could still take loans from companies via third parties. Taking loans this route may be criminal if found out and potentially achieved.

SOA Section 409 requires rapid and immediate disclosures of all material changes to financial statements and the state of expected affairs. In most of the collapsed corporations, there were delays in communicating information about the firms' financial position that could have enabled investors to react quicker. Section 409 now require company officials to report financial changes immediately. With this requirement in place, fraud and scandals will not be perpetuated for a longer time.

Supplying information to investors may be different to providing the accurate and relevant information as required. Information may be presented to investors without revealing the truth behind the figures etc. E.g. Worldcom delayed to inform investors of its financial condition.

Complying to section 404 requires the strengthening of internal control. This involves the review of all of the organisation's processes taking into consideration their impact. In short, the organisation must implement the key control systems of authorisation, documentation, segregation, supervision, security of records and audit trail. This will reflect in the control environment as proposed by the COSO framework. To confirm internal controls are effective, the external auditors have to attest to the assertions by management.

Modern computerised accounting systems however make the achievement of internal controls difficult as processes are not always segregated, less documentary evidence and supervision. These weaknesses are however compensated for by the system being more efficient and economic.

Even though weaknesses in controls could be identified, the controls can only mitigate against the risks and threats, they can not completely eliminate the threat or risk. Additionally, controls installed today may prove ineffective in future and controls will have to be updated regularly to obtain the full benefit of them. Even in the most elaborate control systems, human collusion can render them ineffective.

Effect on Companies in the UK

SOA affects US corporations that trade on the SEC. However, non US resident companies that trade on the SEC are affected by the provision of SOA. Thus, in general terms, UK companies are not affected by SOA, however UK companies eg British Airways, Cadbury Schweppes etc that trade on the SEC are affected.

In an attempt to meet the requirements of Section 404, SOA (PCAOB) allows UK companies listed in US to use the UK Turnbull guidance to evaluate process. For UK companies listed on the London stock exchange therefore, the Turnbull guidance is applicable. The COSO report, however, does not address risk so it may not be the ideal choice in the UK (ACCA 2005). The Turnbull guidance is principles based as opposed to the US COSO report that is prescriptive. The Turnbull guidance was revised in 20050 to "The combined code" .

The Turnbull guidance cover:

Corporate governance

Internal controls

Internal audit

Risk assessment

The Turnbull guidance was the follow up of the Cadbury report on corporate governance issued in November 1992. The Turnbull guidance of 1999 (Revised 2005) was in existence before the advent of SOA. Like the SOA, the Turnbull guidance was also issued to address instances of corporate governance abuses and scandals and failures of the early 1990s in the UK.

While UK companies trading on the SEC can use the Turnbull guidance to meet the prescription of Section 404, the UK Financial Reporting Council (FRC) counsels that "The value of the Turnbull guidance in the context of S404(a) is solely as a framework within which to address the section's requirements. Nothing in the Turnbull guidance reduces SEC registrants' obligations to comply with US rules and regulations". (FRC press release 2004). It can be inferred that while UK companies can use the Turnbull guidance to meet SOA Section 404 requirements, UK companies trading on the SEC will have to pass any US SOA regulations. With particular reference to Section 404, the identification of internal controls risks, process of evaluation, documentation and certification will have to be maintained.

The Turnbull guidance requires listed companies to have sound systems of installed as a safeguard to shareholders' investment and assets. Directors are also required to review and report on the effectiveness of the internal controls to shareholders. This requirement is similar to SOA sec 404, except that external auditors are not requited to attest to directors assertions.

In terms of cost, it is less costly to apply the Turnbull guidance.

The FRC reports that applying the guidance has improved the awareness and improved risk management for listed companies (FRC 2005).

The Turnbull guidance again is not burdensome compared to COSO report (Rowan J 2004). UK companies apply the guidance to their circumstances.


The SOA was enacted in reaction to scandalous corporate failures in America in 2001-2002. The purpose of the Act was to restore investor confidence in the America stock exchanges. In a sense, this goal has been achieved as the US capital market did not collapse.

However, SOA has come under barrage of criticisms. SOA has been described as an over-reaction and has led to a number of de-listings on the US stock markets (Rowden, J 2004). The Harvard Business review of April 2004 supports this assertion. It says that SOA is causing many dual listed companies to delist from the US, thus boosting the London stock exchange and AIM. Where many companies delist from a stock market, the capitalization of the market decreases leading to the fall in the attractiveness of the stock exchange to investors.

According to (Rowan J 2004) SOA is too onerous and burdensome for American companies. UK companies are alleged to be doing far better with their 2-page governance principles - The Turnbull guidance. It can be concluded that US companies are facing human, financial and other resource problems in implementing SOA provisions. US congress has since exempted the smallest corporations from the strict rules of SOA (Barney F, and Kanjorski, P 2009)

Directly arising from the burdensome nature of SOX is the cost of its implementation. The initial cost of documenting the corporate systems to comply with the Act is very high (Harvard business review, 2006). There has been general complaints by companies of the high cost of implementation of Section 404 in particular.

However, Arthur Levitt, a former chairman of the SEC, and Paul Volcker, a former chairman of the Federal Reserve, have defended the cost of the new rules in referring to the pain suffered by investors in the events of corporate collapse (Rowden, J 2004). This means that SOA comes with cost, a cost welcomed by the investor.

The process by which Sarbanes-Oxley was enacted has again been criticized for being rushed and for ignoring relevant research (Butler and Ribstein, 2006); and does not have a future (Romano R 2009). This criticism was rebutted by (Millar, J and Yeager, F 2007) that the core ideas behind Sarbanes-Oxley had developed for years. Federal bills to create an auditing oversight body date to 1978, after auditing failures in the market downturn of the early 1970s. SOA was therefore not rushed as it appears but has been an old Act recently enacted.

SOA compliance has been made simpler and cheaper following revised guidance on its application by the US SEC (Jon Rowden 2004). The number of interpretations and amendments since 2002 probably goes to confirm that the Act was rushed.

While SOA could mitigated against the collapse of some companies, the cause of business failures have been attributed to lack of strategy, inefficiencies and poor marketing than to fraud and financial scandals. (Doherty D, 2009)

Reference List

ACCA - Accounting and Business, Turnbull guidance on internal control, ACCA, Policy paper March 2005

Aronson, N H (2002) Preventing Future Enrons: Implementing the Sarbanes-Oxley Act of 2002; Editors Stan. J.L. Bus. & Fin.

Coats J IV, 2007 The Goals and promises of Sarbanes Oxley Act, Journal of Economic perspectives, Vol 21, No.1 Winter 2007 pg 91-116

FRC (Financial Reporting Council UK) Press release Dec 2004 The Turnbull guidance as an evaluation framework for the purposes of Section 404(a) of the Sarbanes-Oxley Act, Dec 2004 pg 3

FRC (Financial reporting council UK )Review of Turnbull guidance on Internal controls , Oct. 2005

Hamilton, R W.2002 -Crisis in Corporate Governance

Harvard business review April 2006

John C. Coates IV 2007 Journal of Economic Perspective pg 103 The Goals and Promise of the Sarbanes-Oxley Act

Lansing, P and Grgierich C (2004) International Journal of management, Vol 21, No21 Sept 2004

Millar, JA and Yeager FC 2007 , Institute of Economic affairs, 2007, The recent regulatory response to corporate economic crimes in the United States.

Rowden J, Accounting & Business, published by ACCA, Sept. 2004

Roberta Romano ,2009 Does the Sarbanes-Oxley Act Have a Future, Yale Law School; National Bureau of Economic Research (NBER); European Corporate

Governance Institute (ECGI), Yale Law & Economics Research Paper No. 385

Barney F,and Kanjorski,P, Wall Street Journal 12/12/09, Vol 254, Issue 139, PA18

Wall street Journal Sept 2008


Bagranoff, Simkin, Strand. Accounting Information systems,

Butler H, Ribstein L, The Sarbanes-Oxley debacle: What we've learned; How to Fix it. Publisher-American Enterprise Institute Press, 2006

Hall, J. Accounting Information systems, 5th Ed, Rob Dewery, 2007

Green, S, Manager's guide to the Sarbanes-Oxley Act: Improving internal controls to prevent fraud.

Moeller, R R, (2004) Sarbanes-Oxley and the New Internal Rules. John Wiley & Sons Inc, New Jersey'

Sarbanes-Oxley Act 2002- Passed by the US Senate and Congress.

Rezaee, V, Corporate governance post- Sarbanes Oxley-regulations, requirement, and integrated processes, John Wiley & Sons, 2007

Rezaee, V, Corporate governance post- Sarbanes Oxley-regulations, requirement, and integrated processes, John Wiley & Sons, 2007

Tarantino, A. Manager's guide to Compliance: Sarnaes-Oxley, COSO, ERM, COBIT, IFRS, BASEL II, OMB, A 123, ASX10, 2006