Sarbanes-Oxley Act (SOX)

Contributor(s): Mary K. Pratt, Bob Spurzem

The Sarbanes-Oxley Act of 2002 is a federal law that established sweeping auditing and financial regulations for public companies.

Lawmakers created the legislation to help protect shareholders, employees and the public from accounting errors and fraudulent financial practices.

The legislation, commonly referred to as SOX, sought both to improve the reliability of public companies' financial reporting and to restore investor confidence in the wake of high-profile cases of corporate crime. Former U.S. President George W. Bush, who signed the act into law on July 30, 2002, called the act "the most far-reaching reforms of American business practices since the time of Franklin Delano Roosevelt."

SOX primarily sought to regulate financial reporting and other business practices at publicly traded companies. However, some provisions apply to all enterprises, including private companies and not-for-profit organizations.

Additionally, SOX established penalties for noncompliance with its provisions.

The Securities and Exchange Commission (SEC) enforces SOX. The act was named for its sponsors: U.S. Sen. Paul Sarbanes, D-Md., and U.S. Rep. Michael Oxley, R-Ohio.


Federal lawmakers enacted SOX in large part due to corporate scandals at the start of the 21st century.

One such scandal involved energy firm Enron Corp. Enron, considered one of the largest, most successful and innovative companies in the United States around 2000, unraveled in less than two years as both the company's fraudulent practices and its executives' criminal activities came to light.


Similarly, the telecommunications giant WorldCom became embroiled in scandal as its own fraudulent accounting practices made the news. After filing for bankruptcy in 2002, the company was hit with a $750 million SEC fine. Its chief executive officer (CEO) was sentenced to 25 years in prison, and the chief financial officer (CFO) received a five-year jail sentence as a result of criminal charges in the case.

The financial scandal at Tyco International also preceded SOX. In this case, the company's former CEO and CFO were convicted of stealing hundreds of millions of dollars from the company, falsifying business records and violating other business laws.

Key provisions

The Sarbanes-Oxley Act is arranged into 11 sections, or titles. Two sections of particular note are Section 302 and Section 404.

Section 302 pertains to "Corporate Responsibility for Financial Reports." It established, in part, that CEOs and CFOs must review all financial reports and that the reports are "fairly presented" and don't contain misrepresentations. This section also established that CEOs and CFOs are responsible for the internal accounting controls.

Section 404 deals with "Management Assessment of Internal Controls" and requires companies to publish details about their internal accounting controls and their procedures for financial reporting as part of their annual financial reports. Section 404 requires corporate executives to personally certify the accuracy of their company's financial statements and makes them individually liable if the SEC finds violations.

Other key provisions under SOX include:

  • mandated disclosure of off-balance-sheet transactions and relationships that could impact financial status;
  • near-ubiquitous prohibition of personal loans from a corporation to executives;
  • establishment of fines and terms of imprisonment for tampering with or destroying documents in the event of investigations or court action; and
  • requirements for attorneys who represent public companies before the SEC to report securities violations to the CEO.

Whistleblower Protection Act

Protection for whistleblowers is another significant provision in the Sarbanes-Oxley Act.

SOX states that employees (and even contractors) who report fraud and/or testify about fraud committed by their employers are protected against retaliation, including dismissal and discrimination.

Auditing under SOX

SOX also created new requirements for corporate auditing practices.

Among its many requirements, SOX requires public corporations to hire independent auditors to review their accounting practices.

SOX also created rules for separation of duties by detailing a number of nonaudit services that a company's auditor cannot perform during audits. These rules are designed to further guard against fraudulent financial practices.

Furthermore, SOX led to the creation of the Public Company Accounting Oversight Board (PCAOB), which sets standards and rules for audit reports. Under SOX, all accounting firms that audit public companies are required to register with the PCAOB. The PCAOB investigates and enforces compliance at the registered accounting firms.

Critical reception

SOX had critics from the start, including many executives who felt they were being unfairly burdened by new regulations due to the dishonest and negligent acts of a few others.

Critics also charged that the act was a politically motivated reaction to a few, albeit high-profile, corporate financial scandals and that the law would hinder competition and business growth.

Corporate leaders also voiced concerns that meeting the regulations laid out in SOX would take too much executive time and cost an exorbitant amount of money. Many complained about Section 404 in particular and said it was overly burdensome.

Benefits of SOX

On the other hand, some business leaders acknowledged the need for improvements and felt SOX could spur better financial practices that would benefit companies and their stakeholders.

Indeed, even some of those skeptical of SOX when it was first passed later acknowledged its benefits as the law was fully implemented in subsequent years.

Specifically, proponents of the law acknowledged that SOX helped businesses improve their financial management by strengthening controls, standardizing processes, improving documentation and creating stronger board oversight.

Studies also have found that SOX increased investor confidence.

Updates since its inception

Despite early and ongoing criticism, SOX remains in place, essentially unchanged from when it was first enacted in 2002, with studies showing that the law did improve financial reporting.

However, many business leaders continue to believe that the resources required to meet the law's mandates are burdensome, noting that research has found that smaller companies are disproportionately burdened by SOX.

Although proponents and critics continue to assess the overall impact of the law, SOX is seen as the most significant piece of securities legislation since the Securities Exchange Act of 1934.

This was last updated in May 2018


Join the conversation



Nice Article. Thanks for the info.
I just want to find out: the Sarbanes-Oxley Act was aimed at all of the following EXCEPT:
Auditors of public corporation, Executive of public corporation, compensation committees of public corporation and investment advisers to public corporation
What's been your biggest challenge with meeting SOX compliance rules?


As a customer, do we need to sign on the invoice copy while processing it for payment as per the Sarbanes-Oxley Act?
How is a company that requests a 50% deposit up front to invoice for that last 50%? We have a company that invoices 100% even after they have been paid the 50% deposit and is not applying the 50% we have already paid. They say they cannot adjust the invoice because of SOX. Is this true?
Did you get an answer through email? Or is no one answering the question?
I'm being told and yet I'm not able to read anything to confirm my questions. Our company uses distributors to sell our product and they often ask for drop shipments (product being shipped directly from us to their client; we bill the distributor and not their client). Is this form of business now against the SOX regulations?
