Sarbanes-Oxley Act Passage
The Sarbanes-Oxley Act, passed in July 2002, was a sweeping corporate governance law enacted in response to the Enron and WorldCom accounting frauds. Sponsored by Senator Paul Sarbanes and Representative Michael Oxley, SOX imposed new requirements on corporate boards, auditors, and financial reporting. It created the Public Company Accounting Oversight Board (PCAOB) as an independent regulator of auditors, required CEOs and CFOs to personally certify financial statements, and mandated auditor independence from consulting services.
This entry covers the Sarbanes-Oxley Act’s passage and provisions. For the context that prompted it, see Enron Scandal and WorldCom Scandal; for subsequent regulatory evolution, see financial regulation.
The context and the urgency
The Enron scandal, revealed in late 2001, had exposed massive accounting fraud at a major corporation and the failure of auditors and boards to detect it. The WorldCom scandal, discovered in mid-2002, revealed that fraud was not isolated but reflected broader systemic failures. Public confidence in corporate America and financial markets was shaken.
Congress moved with unusual speed to pass comprehensive corporate governance legislation. The political momentum was overwhelming — both parties recognized that corporate scandals were damaging to the economy and to confidence. In just four months from introduction to passage, SOX was enacted in July 2002.
The key provisions
Auditor independence: SOX required that external auditors not provide certain consulting services to their audit clients. The concern was that auditing firms, which earned revenues from consulting work, had incentives to avoid antagonizing management and thus to overlook accounting irregularities. Consulting services were prohibited, reducing conflicts of interest.
CEO and CFO certification: SOX required that the CEO and CFO of public companies personally certify the accuracy of the company’s financial statements. This personal liability (including potential criminal penalties) was intended to create incentives for executives to ensure financial reporting accuracy, rather than delegating the responsibility.
Audit committee requirements: SOX required that audit committees of boards include at least one financial expert, and that the audit committee be independent from management. The intention was to strengthen the board’s ability to oversee the auditor and ensure financial reporting integrity.
PCAOB creation: SOX created the Public Company Accounting Oversight Board, an independent regulator of auditing firms. The SEC had previously relied on self-regulation by the profession. The PCAOB was empowered to set auditing standards, inspect audit firms, and discipline auditors for violations.
Financial reporting requirements: SOX required assessment of internal control over financial reporting and disclosure of any material weaknesses. The idea was that strong internal controls, properly designed and monitored, could prevent fraud.
The business response
Initially, SOX faced strong opposition from business groups, which argued that the compliance costs were excessive and that the benefits were uncertain. The costs were real: companies had to invest in internal control assessment, auditor fees rose substantially (particularly for the required assessment of internal controls, Section 404), and IT infrastructure had to be upgraded to meet regulatory requirements.
Over time, the costs moderated as implementation methods were refined. The SEC provided exemptions and safe harbors that reduced some of the burden. But compliance with SOX remained expensive, particularly for smaller companies.
The debate over effectiveness
The question of whether SOX actually prevented fraud or merely imposed costs has been debated. Critics argued that SOX was reactive — it addressed the frauds of 2001–2002 but would not have prevented newer forms of fraud or new bubbles. Defenders noted that after SOX, large accounting frauds became rarer, suggesting that the law had some deterrent effect.
The 2008 financial crisis, which occurred six years after SOX’s passage, suggested that the law’s focus on accounting accuracy in financial reporting did not prevent all forms of financial excess. But the lack of major accounting frauds in the years after 2002 suggested that SOX had succeeded in its narrow goal of tightening auditing and financial reporting.
International spillovers
SOX applied to all companies listed on US stock exchanges, including foreign companies. This gave it extraterritorial reach and influenced corporate governance standards globally. Some countries adopted SOX-like standards; others resisted the burden it imposed on foreign companies.
Legacy: The limits of process-based reform
Sarbanes-Oxley is remembered as a significant but limited reform. It addressed the specific problems revealed by Enron and WorldCom: weaknesses in auditing, lack of board oversight, and poor internal controls. By requiring independence, certification, and stronger boards, it reduced the incidence of traditional accounting fraud.
But it did not address systemic risks like excessive leverage, interconnectedness, or the incentive misalignments that would drive the 2008 financial crisis. Nor could it prevent new forms of fraud or abuse. Still, for its era, SOX was a meaningful response to demonstrated failures.
See also
Closely related
- Enron Scandal — the fraud that prompted SOX
- WorldCom Scandal — another fraud that motivated passage
- PCAOB — the regulator created by SOX
Wider context
- Corporate governance — the domain SOX regulated
- Auditor — the profession regulated
- Financial statement — the instrument improved
- Internal control — required by SOX
- Securities regulation — the regulatory regime