Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UK Essays.
The purpose of this report is to present the Sarbanes-Oxley Act, starting from the history of self-regulation and its regulatory bodies, presenting the governance scandals which triggered the Act’s creation, emphasizing the requirements of Section 404 and concluding on recent crises.
The history of self-regulation in the United States is structured in two parts:
(1) Early Standards, including the Acts of 1933 and 1934, GAAS and GAAP, with short focus on peer review, and
After seventy years of self-regulation many accounting frauds, governance scandals and bankruptcies shacked the U.S. market. Due to their relevance and impact on regulatory standards the cases of Enron and WorldCom were chosen to be discussed.
After enacting the Sarbanes-Oxley Act of 2002, the U.S. Congress started a new era, by choosing to enforce a new independent body (PCAOB) to monitor the auditing companies. In relation with SOX the followings were considered:
(1) SOX’s summary, with its objectives and main sections,
(2) Public Company Accounting Oversight Board (PCAOB), with its mission and enforced authority.
Next, the analysis focused on the section 404 of SOX 2002 because is the provision which caused the most violent discussions from executives’ part. Due to the section impact on companies’ financial statements the report includes a short presentation of its rules with a larger analysis of implementation costs and benefits.
Still, even if the SOX and the SEC regulated the market in order to protect the investors and to avoid future corporate frauds, the financial crisis revealed new scandals, out of which in this report are mentioned:
(1) Bernard Madoff’s Ponzi scheme, and
(2) Bank of America Corporation’s lack of disclosure related to Merrill Lynch merger.
Taking into consideration these scandals, changes of regulations must be considered for the future and, maybe, reconsiderations of auditors’ role as management strategic advisors.
HISTORY OF SELF REGULATION IN USA
I.1. Early Standards
In the United States, at the beginning of the 20th century, the regulations for accounting and auditing were the same as United Kingdom regulations due to the fact that the major American corporations were branches of Britain companies (Benston G., et al., 2006). Still, the market experienced a low level of regulation (or almost absent), the succeeding events (stock market crash in 1929 and depression from 1930) indicating a strong need for regulating and disclosing policies to be established by the federal government.
Securities Act of 1933 and Securities Exchange Act of 1934. The historical foundation for regulations of financial disclosure by corporations is considered to be the moment when, immediately after the market crash from 1929, the U.S. Congress enacted two major laws, the Securities Act of 1933 and the Securities Exchange Act of 1934. For the first time in history, those two rules contained pragmatic provisions regarding corporate investors and financial disclosure:
“Companies publicly offering securities for investment dollars must tell the public the truth about their businesses, the securities they are selling, and the risks involved in investing.
People who sell and trade securities – brokers, dealers, and exchanges – must treat investors fairly and honestly, putting investors’ interests first.” 
GAAS. Starting with 1939, the first generally accepted auditing standards (GAAS) were drafted and adopted by the American Institute of Accountants (currently AICPA), through its Auditing Standard Executive Committee (AudSEC) (currently Auditing Standards Board). Because GAAS refers to risks assessment and ways to mitigate them, three areas of provisions were defined (Benston G., et al., 2006):
(1) general standards – for determining the auditors’ personal traits;
(2) fieldwork standards – for setting the audit analysis, evaluation of internal controls and audit evidences;
(3) reporting standards – for assessing the disclosures of financial statements and the audit opinions, respectively the application of GAAS to GAAP.
GAAP. Starting with 1936-1938, the SEC entrusted the Committee on Accounting Procedure (part of AICPA) to issue a private-sector accounting standards in order to set-up an accounting system requested by the market needs. The first generally accepted accounting principles (GAAP) were developed in its initial form of Accounting Research Bulletins (ARB).
Peer Review. In the early 1960s, the major consulting accounting companies started to form peer reviews for a better quality of “accounting, auditing and attestation services performed by AICPA members”  . This means that every CPA firm must be reviewed by another CPA firm. The latest company must independent from the reviewed company and must have qualified experience.
The supervision of the peer review activities is assured by the Public Oversight Board (POB), an independent private sector body  , which, even if was created by SECPS members, is independent from the profession and the regulatory process.
I.2. Regulatory Bodies
Securities and Exchange Commission (SEC). The US Congress, through Securities Exchange Act of 1934, established SEC as an independent agency, having as main duty to “define technical, trade, accounting, and other terms used” in securities market, in the United States. The Commission is responsible for (1) interpreting federal securities laws; (2) issuing new rules and revising existing rules; (3) supervising the examination of securities players (brokers, investments advisers, other agencies); (4) monitoring private regulatory organizations in the securities area; and (5) complying U.S. securities rules with other American and foreign authorities  .
Currently, the SEC is administrating the most important laws that standardize the securities industry, laws which are: (1) Securities Act of 1933, (2) Securities Exchange Act of 1934, (3) Trust Indenture Act of 1939, (4) Investment Company Act of 1940, (5) Investment Advisers Act of 1940, (6) Sarbanes-Oxley Act of 2002.
The authoritative power of SEC implies laws enforcement in cases of fraud, insider trading, and any other infringements done by the individuals and companies on the securities area.
American Institute of Certified Public Accountants (AICPA). If all preceding associations (like the American Association of Public Accountants, the Institute of Public Accountants, the American Institute of Accountants) are taken into consideration, than it can be stated that AICPA dates from 1887  .
Associating all the certified public accountants (CPAs) in the U.S., the AICPA is the main non-government authoritative body in developing auditing standards (including technical rules and ethical codes) and other regulating services for CPAs. Furthermore, it has the authority to monitor and to enforce the law in cases of non-compliance with the standards.
Auditing Standards Board (ASB). Within AICPA, the ASB is assigned to be the committee in charge to actually issue the standards and the regulations for CPAs, for non-public company audits, next to the necessary guidelines and the interpretations of the laws.
Financial Accounting Standards Board (FASB). Over time, the mission to regulate the private sector by clear defined financial accounting standards passed from AICPA’s Committee on Accounting Procedure to the Accounting Principles Board. By the end of 1960s the market development triggered an increasing demand for accounting standards updated in the same rhythm as the economical growth. As a result, since 1973, the Financial Accounting Standards Board has been created as a private, non-profit institution, founded with the purpose to “establish and improve standards of financial accounting and reporting for the guidance and education of the public, including issuers, auditors, and users of financial information.” 
CORPORATE GOVERNANCE: FAMOUS SCANDALS
In 2002, Ribstein L. argues in the Journal of Corporation Law that the traditional approach of corporate governance in large corporation must be established by government regulation. This approach is based on assumption that the shareholders, in order to protect their ownership goals, lack of tools to control the management actions. On the other hand, acknowledging the shareholders’ weakness, the managers are predisposed to take advantage of the situation by acting on their own personal interests and power.
Companies’ financial statements are the mean through which the managers can show their contribution to the corporate overall growth. If in this judgment is included the fact that corporate management usually has had compensation formulae strongly related with companies’ financial performance (such as options on company’s shares), the management tendency to manipulate companies’ financial statements becomes obvious, or, in other words, the management is highly interested “to manage earnings” (Kaplan R., 2004).
After seventy years of corporate regulation, in 2001 and 2002 series of management frauds rocked the investors trust in the market. Scandals like Enron, WorldCom, Tyco, Adelphia, and Waste Management opened a new era of financial manipulation. What is essential to be mentioned is the fact that all these frauds were possible despite all the levels of supervision in place, such as executive directors, external auditors, accounting firms, debt rating agencies, or securities market analysts (Ribstein L., 2002).
The most resonant scandal was Enron, which, after being one of the world’s biggest power dealers, revealed in October 2001 losses higher than $70 billion in equity value. WorldCom, which played an important role on telecommunication market, disclosed in March 2002 that its revenues are overstated by capitalizing expenses, losing $180 billion in shareholder equity. Both cases will be discussed in the following section, emphasizing on fraudulent operations and corporations weaknesses.
False increased profits, hidden liabilities totaling over $1 billion by using off-the-books transactions.
Manipulation of the Californian energy market during the electricity crisis, recording “total profits of $2.7 billion from trading electricity and gas in western markets” (Markham J., 2006).
Extorting and gaming the power prices, as well as an overcharge of “$175 million for electricity generated by Enron wind farms” (Markham J., 2006).
Securities fraud, wire fraud, money laundering, insider trading, and filing false income tax returns (for Enron’s executives).
With losses higher than $70 billion in equity value (Bryce R., 2002), Enron scandal is one of the biggest political scandals in American history.
In 1985, Enron started its business as an important trader on U.S. energy market, developing its operations within: transactions with natural gas, constructions of power facilities and pipelines, telecommunications services, buying/selling commodities. Its rapid growth offered to the public media a sensation of unstoppable revenues and solid financial stability. Before the public disclosure from 2001, the revenues and the incomes reported by Enron were impressive (Markham J., 2006):
in 1998 – $31 billion in revenue and $703 million in net income after expenses;
in 1999 – $40 billion in revenue and $893 million in net income after expenses;
in 2000 – $100 billion in revenue and $979 million in net income after expenses.
In fact, the revenues were not real, the financial image presented to the shareholders being an illusion. In order to hide its losses Enron stretched the limitations of accounting standards and took advantage of all the regulatory lacks.
Due to its business specificity, the accounting recording was challenging. First aspect regarded the long-term contracts for which the current accounting rules obliged the company to forecast the future revenues. In this case Enron’s income recognition was made at present (or fair) value, using mark-to-market accounting, regardless the prospective economic conditions. The second aspect was linked with Enron’s reliance on structured financial transactions and, implicitly, on special purpose entities (SPEs). In this area the accounting standards were questionable, being debated by practitioners because of the difference which could be created between real economic situation and companies’ financial indicators.
Behind this “glowing” image, Enron built a network of derivatives trading and transactions with SPEs, which generated substantial revenues not only for the company itself, but also for the company’s directors involved in the SPEs partnerships. The report of investigation of the Enron Special Investigative Committee (Powers W., et al., 2002) mentioned the amounts by which Enron’s employees were illicitly enriched: “â€¦Fastow (i.e. Enron’s CFO) by at least $30 million, Kopper (i.e. Enron’s finance executive) by at least $10 millionâ€¦”.
In October 2001 Enron had to recognize expenses of $1.01 billion after tax and two months later, Enron filed for bankruptcy. Enron’s failure is a clear example of corporate governance malfunction. Managers were compensated with stock options based on the company’s short-term performance with no other restrictions, compensation program that incentivized managers to increase the short-term performance regardless the long-term consequences. Next to Enron’s management, part of the blame is assigned to external auditors (Arthur Andersen) and to parties responsible for the company’s internal governance (see appendix 1 for a graphic representation of the links between Enron’s managers and investors).
Analyzing the implications of accounting rules over the Enron’s scandal one statement must be made. U.S. GAAP are very extensive and, even more, rigid in its provisions, inspiring financial professionals to find creative accounting solutions to avoid the rules.
“Use of undisclosed and improper accounting that materially overstated its income before income taxes and minority interests by approximately $3.055 billion in 2001 and $797 million during the first quarter of 2002” 
“WorldCom’s transfer of its costs to its capital accounts violated the established standards of generally accepted accounting principles”  resulting in $3.8 billion fraud.
“WorldCom violated the anti-fraud and reporting provisions of the federal securities laws” 
WorldCom’s CEO Bernard Ebbers received from the company off-the-books loans of $408 million.
In 1995 LDDC (Long Distance Discount Company) became WorldCom, one of the biggest telecommunication company on the U.S. market. Its CEO, Bernie Embers, joined the company in its early starts, in 1985. During his administration, the company experienced a period of high growth, with revenues reaching billions of dollars. In 1996, after the acquisition of MFS Communication Inc., WorldCom became the fourth biggest telecommunication company (Markham J., 2006), looking forward to using the opportunities offered by the new breakthrough innovations, such as fiber-optics and Internet.
In October 1997 WorldCom announced the merger with MCI Communications for $30 billion. The company continued to grow, reporting earnings of $16 billion (Markham J., 2006) between 1996 and 2000, even if the SEC obstructed the company from considering deductible large amounts spend in research and development.
In the early 2000, the entire telecommunication industry started to slow down, and, also, the stock prices were declining. The same happened in WorldCom’s case. By the middle of 2000, the stock price was almost half its 1999 price. Even so, WorldCom announced surprising profits (Markham J., 2006): $1.4 billion for 2001 and $130 million for the first quarter of 2002 (when in fact the company recorded losses). In March 2002, after an internal audit engagement, WorldCom announced the restatement of its financials figures due to inappropriate accounting recordings of the revenues between beginning of 2001 and first quarter of 2002, revenues which were not in compliance with GGAP provisions.
In June 2002, the SEC charges WorldCom for $3.8 billion fraud  . As it was revealed by the SEC investigation, WorldCom used an accounting artifice to capitalize its “line costs” (e.g. fees paid by WorldCom to third party services providers) and, in this way, to keep company’s earnings at expected levels.
WorldCom filed for bankruptcy in July 2002, “wiping out $180 billion in shareholder equity” (Markham J., 2006). Ebbers was dismissed from the position of WorldCom’s CEO in April 2002  after admitting that he borrowed money from WorldCom in its attempt to cover his losses from buying WorldCom shares  . In 2005 Ebbers was sentenced to 25 years in jail.
As presented by SEC’s WorldCom corporate monitor, Richard Breeden, in his report on the company’s measures to restore its governance, “WorldCom seemed to meet most of the governance standards of its time” (Breeden R., 2003). The company’s configuration included all the necessary structures required for corporate governance (such as audit committee, compensation committee etc.), with almost 80% of the directors fulfilling the independence requirements. But, in fact, most of these “independents” were very strong linked to Ebbers, through their incomes. So, corporate governance is not only accomplishing a checklist with requirements, but being deeply concerned about the independence impediments. In WorldCom’s case the management board failed to assess the company’s risks and to draw corrective risk procedures. In Enron’s case, the board allowed the CFO to participate in financial partnerships (e.g. SPEs), searching for his personal gain.
In both cases, Enron and WorldCom, the CFOs failed to supply accurate financial data. Their fraud involvement was a real obstacle for which the problems were discovered too late.
Hard interpretations of GAAP’s provisions regarding net income and future earnings as well as unrealistic cash flow statements were present also in both companies. Furthermore, lacking of an appropriate internal control system, the adjustments in the companies’ financial reports were easy to be made by the high level employees.
SARBANES-OXLEY ACT OF 2002
The scandals of accounting fraud, corporate misbehaviors, non-compliance with business ethics, and bankruptcies occurred in high-level companies like Enron and WorldCom revealed the market’s strong need for deeper reforms in corporate regulations.
In July 2002, the U.S. Congress ratified the Sarbanes-Oxley Act (known also as the Public Company Accounting Reform and Investors Protection Act of 2002) in response to the corporate crisis. One of the most important legislative action since the Acts of 1933 and 1934, Sarbanes-Oxley has as objectives to rebuild the investors’ trust in the market and to enhance the transparency and morality of public companies, avoiding future similar allegations. Through the Sarbanes-Oxley Act are addressed issues like management’s legal liability, increased independence rules for internal governance agents, mandatory internal control audits, and increased management’s responsibility for financial reporting. Furthermore, Sarbanes-Oxley “increases the SEC’s power to determine that an individual is unfit to serve as an officer or director of a publicly-traded company, even in the absence of a judicial finding of a violation of the federal securities laws” (Fisch J., 2004).
Source: Anand S., 2007, Essentials of Sarbanes-Oxley, John Wiley & Sons, Inc., ISBN 978-0-470-05668-4, page 23.
Emphasizing on the importance of business codes of ethics, in 2003, Harvard Law Review explained the Act’s provisions related to self-policing as a consequence of the general perception that these series of scandals and bankruptcies are not just a failure of the regulations, but a failure of management behavior.
It was not enough anymore to just comply on formal managerial structure and independence requirements. Both, Enron and WorldCom had management boards that complied with independence standards, but were not able to work efficiently due to conflict of interests and strong relationships with CEOs. Furthermore, management boards must be deeply involved in companies’ business and must understand the risks, rather than simply remain independent (Fisch J., 2004). Enron’s and WorldCom’s boards were far away from taking real actions against CEOs/CFOs practices or from reacting in real-time to companies’ difficulties.
Considering the patterns of fraud cases and the fact that CEOs and CFOs acted as primary deceivers, the Sarbanes-Oxley Act states, as main provision, the necessity to increase top-management’s responsibilities for the consistency of companies’ financial statements.
IV.1. SOX’s summary
The Act requirements must be perceived by the companies as a starting point in building operational processes, with an enhanced internal control system through entire business. Complying with SOX is not a one-time project, but a continuous improvement process, with executives going beyond compliance and focusing on the quality of overall business operations (KPMG, 2004).
Source: KPMG, 2004, Sarbanes-Oxley Section 404: An Overview of the PCAOB’s Requirements, KPMG International
Despite the fact that the Sarbanes-Oxley Act is structured in eleven different sections, the law itself must be understood as an overall, compact regulation, and companies must seek for complete compliance. Still, the Act’s objectives are more obvious in certain sections, while other sections are important through their compliant difficulties (Anand S., 2007). The summary of the Act’s titles is presented in appendix 2.
Still, from the compliance point of view and relevance for the two fraud cases previously presented, the most important sections of the Act  are:
Section 302 – regarding the corporate responsibility for financial reports;
In order to avoid deceiving financial statements Section 302 includes provisions related to internal controls and the management responsibility to evaluate the efficiency of these controls and to disclose any deficiency which might have a negative impact over the financial indicators.
Section 401 – for “Disclosures in Periodic Reports”;
The financial statements must contain accurate information and must be issued to the public investors with a clear display in order to avoid any misrepresentation or incorrect statement. Also, the transactions, especially the liabilities, from off-balance sheet must be transparent and presented in the reporting file.
Section 404 – is related with the management mandatory evaluation and certification of companies’ internal control systems;
This section raised many discussions, being one of the most controversial provisions of the Act. The main reason for these discussions was the character of this section which implies the highest amount of resources and efforts to be spend in order to obtain SOX compliance.
As stated by Section 404, in annual financial statements, executive directors must declare their acknowledgement of the responsibility for establishing, implementing and maintaining the internal control system. The main purpose of this statement is to present the investors the internal controls structure and to assure them about its efficiency.
Section 409 – stating the necessity of real-time disclosures when important changes are made in companies’ financial indicators during the periods between quarterly reports.
Without this section the investors would have to base their decisions on obsolete statements. Unlike Section 404, this section didn’t implied heavy resource allocation.
IV.2. Public Company Accounting Oversight Board (PCAOB)
The Sarbanes-Oxley Act created the PCAOB, a private-sector, nonprofit corporation, having as mission “to oversee the auditors of public companies in order to protect investors and the public interest by promoting informative, fair, and independent audit reports” 
By creating the PCAOB, the self-regulating model of accounting industry was no longer valid, the responsibility and authority of creating standards and enforcing audits for public companies being transferred from the profession side (AICPA) to an independent party (PCAOB). Through its provisions, the Sarbanes-Oxley Act obliged, for the first time in regulating history, the auditors of public companies to be overseen by external and independent parties.
The SEC maintained its authoritative power over the PCAOB, by naming the governing board and by amending the organization’s bylaws, standards and budgets  .
SECTION 404. MANAGEMENT ASSESSMENT OF INTERNAL CONTROLS
V.1. Section 404 Rules
As stated by the SOX Section 404, there are a set of rules for management to follow in assessing the internal controls structure within the company. The broad definition of the term “internal control” refers to all the areas within an organization’s business, but inside SOX’s terminology, the “internal control” term is used strictly for defining the internal control over financial reporting.
First of all, the management is responsible for creating the internal controls structure, in accordance with his business processes. An important aspect must be clarified here. Neither internal auditors, nor external auditors are in charge with developing the internal control keys. The company’s CEO and the top-management team must take this responsibility and act in accordance as a whole. Furthermore, it is not enough just to create the system, but to periodically update it in order to keep up with the business changing rhythm.
The assessment of internal controls must be made with a recognized framework. In the U.S. most companies uses COSO framework (the Committee of Sponsoring Organizations of the Treadway Commission framework), or COBIT framework (the Control Objectives for Information and related Technology framework). (We will not discuss these frameworks in this report.)
The internal controls assessment must be performed annually, at the year-end.
The external audit company must not reassess the internal control system, but perform an audit in relation with the management’s appraisal. In other words, the external audit must not redo the entire internal control structure assessment, but only to rely on the management’s performance regarding the internal control appraisal.
Even so, senior management must obtain the full confidence that its assessment presents a true landscape of the internal control system, as of the year-end, with comfortable assurance that any material misstatement can be avoided or identified (The Institute of Internal Auditors, 2008).
V.2. Consequences of Implementing Section 404
Costs of implementing SOX 404. Generally speaking, the costs derived from internal controls implementation and testing can be easily identified as payments for audit and compliance employees, time spent by operational employees and external audit fees. Still, in the first year of compliance, overall efforts were overwhelming due to work amount needed to be done, work which included analyzing documentation, verifying accounts’ balances, monitoring and evaluating controls keys performance and efficiency, establishing reporting structure. One important reason for which compliance process was so complex was the fact that a major part of the control keys were done manually, with very much time-consuming, and only a small part of control keys were IT-based.
Next to these costs, Langevoort D. (2006) mentions “the opportunity costs and the distractions”, referring to the fact that some audit tests require direct observation of operations (e.g. cash processing) and explanations from in-charge personnel or manager. He is going even further by stating that direct control can create discomfort to employees which will impact the sense of trust and decrease the employees’ loyalty.
As mentioned before, the compliance with Section 404 turned out to be the most expensive part of the entire Sarbanes-Oxley Act. In August 2004, the Financial Executives Institute revealed a study of 224 companies which indicated costs up to $3 million for the biggest companies (Rittenberg L., Miller P., 2005). Even more, in an article from BusinessWeek, William Zollars, chairman and CEO of Yellow Roadway, the U.S. largest trucking firm, explained that his company paid about $9 million to accountants for their work, amount which represented 3% of annual profits for 2004  .
After first year of SOX implementation, an analysis carried out by the PCAOB concluded that the costs for compliance were high because, in many cases, too many audit tests were performed and documented by auditors, companies spending too much time on internal controls related to financial reporting processes (O’Brien P., 2006).
Still, as presented in the left hand picture, in January 2005, according to a survey developed by the Institute of Internal Auditors, 72% of respondents considered that the costs are higher than the benefits for SOX 404 first year of implementation.
After six years of SOX compliance, in August 2008, Dodwell W. argues, in an article in the CPA Journal, that initial implementation expenses made by companies are paying off. Next to the costs presented above, the cost-benefit analysis should also consider:
If you need assistance with writing your essay, our professional essay writing service is here to help!Find out more
Cite This Work
To export a reference to this article please select a referencing style below:
Related ServicesView all
DMCA / Removal Request
If you are the original writer of this essay and no longer wish to have the essay published on the UK Essays website then please: