Sarbanes-Oxley
Title XI Corporate Fraud & Accountability
Criminal Penalties The law creates tough penalties for those who destroy records, commit securities fraud, fail to report fraud and retaliate against informants.
Section 807 Criminal Penalties for Defrauding Shareholders of Publicly Traded Companies
Criminal penalties for defrauding shareholders of publicly traded companies, knowing violation fines and/or 25 years imprisoned.
Section 1107 Citation
"Whoever knowingly, with the intent to retaliate, takes any action harmful to any person . . . for providing to a law enforcement officer any truthful information relating to the commission or possible commission of any Federal offense shall be fined under this title or imprisoned not more than 10 years, or both. . . ."
Section 101: Establishment of PCAOB
-Appointed by the Securities and Exchange Commission, not a government agency. -Aim is to protect investors and other stakeholders of a public company. -Ensure auditors of a company's financial statements have followed a set of strict guidelines. -Five members must be full-time and independent. -Requires two CPAs to serve. -The SEC has oversight authority over the PCAOB, including the approval of the Board's rules, standards, and budget. -Recently started to oversee the audits of brokers and dealers, including compliance reports filed pursuant to federal securities laws.
Section 302
-Corporate Responsibility for Financial Reports
Section 906
-Corporate Responsibility for Financial Reports
Main Points of SOX
-Created the Public Company Accounting Oversight Board or PCAOB, funded by accounting firms and registrants -Revised corporate governance standards -Adds new disclosure requirements -Created new federal crimes related to fraud -Significantly increased criminal penalties for violations of the securities laws
Reforms of SOX
-Creation of PCAOB -Mandates requiring companies to adopt more internal controls -Requirement that the CEO and CFO must certify financial statements and disclosure reports -Rules designed to ensure auditor independence -Requirement that companies have audit committees consisting of independent directors -New restrictions on loans to insiders and stock trading by insiders -Changes in rules governing how corporations disclose information to the public -Protections for whistleblowers and restrictions on document destruction -New and severe criminal and civil penalties for corporate misconduct
Section 802
-Criminal Penalties for Altering Documents
Section 401
-Disclosures in Periodic Reports
Section 406 - Overview
-If you don't have a code, rules do not require you have one but then a company has to explain why it doesn't have a code of ethics. -Companies must provide code of ethics disclosure in their annual reports. -If a company has a defective code - one that doesn't satisfy all the requirements of the Act - then it cannot affirm that is has the required code.
Three COSO Categories of Controls
-Internal Controls over Financial Reporting -Controls over Efficiency and Effectiveness of Operations -Controls over Compliance (with Government regulations)
Section 404
-Management Assessment of Internal Controls
Section 107: Commission Oversight of the Board
-PCAOB empowered to enforce compliance with SEC Act of 1934 -The SEC shall have oversight and enforcement authority over the PCAOB
Section 409
-Real Time Issuer Disclosures
Section 1102 Tampering
Document Destruction A felony with penalties and up to 20 years of imprisonment knowingly destroying documents in a federal or bankruptcy investigation
Section 1106 Increased Penalties
Doubles the penalties for criminal violations of Securities Act of 1934.
PCAOB Standards
In April 2003, the PCAOB adopted substantially all pre-existing standards issued by the AICPA Auditing Standards Board (ASB) to initially establish: "Standards of the PCAOB" http://www.pcaobus.org
Section 409 -Real Time Issuer Disclosures
Issuers are required to disclose to the public, on an urgent basis, information on material changes in their financial condition or operations. These disclosures are to be presented in terms that are easy to understand supported by trend and qualitative information of graphic presentations as appropriate.
Section 201: Discretionary Power Beyond the "8"
It also has one catch-all category authorizing the board to determine by regulation any service it wishes to prohibit for auditors of publicly held companies.
Title I—Public Company Accounting Oversight Board
Sec. 101. Establishment; administrative provisions. Sec. 102. Registration with the Board. Sec. 103. Auditing, quality control, and independence standards and rules. Sec. 104. Inspections of registered public accounting firms. Sec. 105. Investigations and disciplinary proceedings. Sec. 106. Foreign public accounting firms. Sec. 107. Commission oversight of the Board. Sec. 108. Accounting standards. Sec. 109. Funding.
Title II-Auditor Independence
Sec. 201. Services outside the scope of practice of auditors. Sec. 202. Preapproval requirements. Sec. 203. Audit partner rotation. Sec. 204. Auditor reports to audit committees. Sec. 205. Conforming amendments. Sec. 206. Conflicts of interest. Sec. 207. Study of mandatory rotation of registered public accounting firms. Sec. 208. Commission authority. Sec. 209. Considerations by appropriate State regulatory authorities.
Title V: Analyst Conflicts of Interest
Sec. 501 Treatment of securities analysts by registered securities associations and national securities exchanges
Title VIII--Corporate & Criminal Fraud Accountability
Sec. 801. Short title. Sec. 802. Criminal penalties for altering documents. Sec. 803. Debts nondischargeable if incurred in violation of securities fraud laws. Sec. 804. Statute of limitations for securities fraud. Sec. 805. Review of Federal Sentencing Guidelines for obstruction of justice and extensive criminal fraud. Sec. 806. Protection for employees of publicly traded companies who provide evidence of fraud. Sec. 807. Criminal penalties for defrauding shareholders of publicly traded companies.
Section 406 Code of Ethics Requirements
A code of ethics means standards that are reasonably designed to deter wrongdoing and promote the following: -Honest and ethical conduct, -Ethical handling of actual or apparent conflicts of interest between personal and professional relationships, -Compliance with applicable laws, rules and regulations. Complete, accurate, understandable reporting in SEC filings, Process for the prompt internal reporting of Code of Ethics violations to appropriate persons for resolution, and Accountability for adherence to the Code of Ethics.
Section 404: Enhanced Financial Disclosures
Annual Report to contain an internal report by management describing all material policies, procedures and controls implemented by the company for the purpose of ensuring/improving the accuracy of financial reporting. The company's outside auditor must validate and attest to the accuracy of management's assertions regarding its internal audit control program(s) on an annual basis.
Who does SOX apply to?
Applicable to "issuers" as defined in the SEC Act of 1934. -Companies required to file periodic reports with the SEC -Companies with more than $1,000,000 in total assets and at least 500 shareholders -Companies who have registered securities with the SEC -Companies that are "in registration"
Title III--Overview
Audit Committee appoints Auditor. Must evaluate the effectiveness of internal controls and disclose problems with controls and major fraud. Officers (CEO and CFO) must sign SEC filings and personally repay any bonus or stock profits received for 12 months after inaccurate filing. Prohibits insider trading during "blackout" periods. Attorneys must report material violations first to GC or CEO, then to Audit Committee.
Section 206 Conflicts of interest - Cooling Off Period
Audit firm cannot perform audit if CEO, CFO, controller, chief accounting officer or other key financial position was employed by and participated in the audit 1-year prior to the start of the audit. Example: KPMG ex-partner moved to Nationwide and spent the next year planning rather than actively participating in the company's financial reporting
Sections 402 Conflict of Interest Provisions
Avoiding conflicts of interest, including the periodic disclosure of transactions, relationships and outside activities that could generate an actual or apparent conflict of interest. It shall be unlawful for any issuer directly or indirectly, including through any subsidiary, to extend or maintain credit, to arrange for the extension of credit, or to renew an extension of credit, in the form of a personal loan to or for any director or executive officer of that issuer.
Title III--Corporate Responsibility
Big area for management Putting themselves out there and making sure they represent the company the way they should be Audit committee details here—AC is all over the place
Section 104: Inspections of Registered Public Accounting Firms
Board Inspections and Reports Regarding Auditors: -Requires the Board to conduct inspections annually for audit firms that regularly provide reports for more than 100 issuers, and at least triennially for firms that regularly provide audit reports for 100 or fewer issuers. -The inspection report becomes public information after completion of an appeal period, except for any deficiencies that were resolved within 12 months are confidential
Section 105: Investigation & Disciplinary Proceedings
Board Investigations and Discipline -Requires PCAOB to investigate and discipline violations of the Act, Board rules, securities laws and professional standards -Requires disciplinary sanctions by the PCAOB to be reported to "any appropriate State Regulatory Authority"
Section 802 Criminal Penalties for Altering Documents
Destruction, alteration, concealment of records or interference with an investigation; knowing violation fines and/or 20 years imprisoned. Imposes penalties of fines and/or imprisonment up to 10 years on any accountant who knowingly and willfully violates the requirements of maintenance of all audit or review papers for a period of five years. SEC rule: Accounting firms are to retain for seven years certain records relevant to their audits and reviews of issuer's financial statements.
Title II - Overview
Limits non-audit services of auditor firm and requires audit committee (or subcommittee) approval of non-audit services.
Section 108: Accounting Standards
Mandates that the PCAOB establish Auditing Standards to require: Work paper retention rules. CPA firms utilize a second-partner review and approval of audit reports Testing of companies' internal controls, including reporting of test results
Section 203: Audit Partner Rotation
Mandatory Auditor Rotation: Partner cannot be lead or concurring partner for more than 5 consecutive years.
Title IV - Enhanced Financial Disclosures Overview
Off balance sheet transactions must be reported. Accuracy and completeness required in pro-formas. Ban on personal loans to officers and executives. SEC to define the responsibility of management for establishing adequate internal controls and reporting under 404. Establishment of a Code of Ethics
Section 401: Disclosures in Financial Reports
Off-Balance Sheet Arrangements Registrant should disclose information on its material off-balance sheet arrangements and their material effects on financial condition, changes in financial condition, revenues or expenses, results of operations, liquidity, capital expenditures or capital resources. Non-GAAP Financial Reporting It requires public companies that disclose a non-GAAP financial measure (I.e. pro forma results) to include the most directly comparable GAAP financial measure and a reconciliation of the non-GAAP financial measure to the most directly comparable GAAP financial measure.
Section 202: Pre-approval Requirements
Other non-audit services require pre-approval by the audit committee. Tax Services Agreed Upon Procedures Pre-approved non-audit services must be disclosed to investors in periodic reports. Caveat: If non-audit services are less than 5% of the total paid to the auditor, OK without Audit Committee approval!
Section 204: Auditor Reports to Audit Committees
Outside Auditor must timely report to Audit Committee: -All critical accounting policies and practices to be used in financial reports. -All alternative treatments of financial information within GAAP that have been discussed with management, ramifications of their use, and treatment preferred by the Auditor. -Other material written communications with management.
Section 103: Auditing, Quality Control & Independence Standards & Rules
Power to establish and/or adopt auditing, quality control, ethics, independence, and other standards relating to the preparation of audit reports for issuers
Section 1107 More on Retaliation Against Informants
Prohibits a company from sanctioning an employee because of any lawful act to provide information about "fraud against shareholders" to (1) a Federal agency, (2) Congress, or (3) employee's supervisor. Authorizes civil action for damages and equitable relief, including reinstatement, back pay, and attorneys' fees. 90-day statute of limitations: employee must file claim within 90 days of retaliation. Provision construed narrowly: applies only to information provided in connection with an ongoing proceeding.
Section 1105 Prohibit Persons from Serving as Officers or Directors
Provides authority to the SEC to prohibit persons from serving as officers or directors of an issuer
Section 102: Registration with the Board
Registering all auditors of public companies and brokers and dealers. Registered firms submit an annual report to the PCAOB.
Section 407: Disclosure of Audit Committee Financial Expert
Requires a domestic registrant to annually disclose whether it has at least one "audit committee financial expert" serving on its audit committee, and if so, the name of the expert and whether the expert is independent of management.
Section 301: Public Company Audit Committees
Requires audit committees of public companies to: -Establish procedures for handling complaints regarding questionable accounting or auditing matters, and -Directly responsible for appointing, compensating, retaining and overseeing any registered public accounting firm or advisor the company engages.
Section 406 Code of Ethics for Senior Financial Officers
Requires companies to state if they have adopted a written code of ethics for their principal officers - Includes all management and reporting personnel!
Section 301 Requirements
Requires the Audit Committee to: Directly oversee the Company's external audit firm. Be independent. Have authority to hire advisors. Be adequately funded. Establish procedures for handling complaints about accounting or auditing matters.
Section 303 Improper Influence Conduct of Audits
Section 303 (a) states that officers and directors or those acting under their directions are prohibited from coercing, manipulating, misleading or fraudulently influencing any auditor engaged in the performance of any audit of the company's financial statements, if such person knew or should know that the action could render the financial statements misleading.
Section 806 Protection for Employees who Provide Evidence of Fraud
Several key considerations for ensuring Whistleblower protection and effective incident management are as follows: Establish multiple avenues for reporting compliance concerns. If the reporting options are narrow, at the senior level in the organization, or require reporting to one's direct supervisor, it is unlikely that the employees will be encouraged to use it without fear of retaliation. Employees must be informed that every effort will be made to keep their concerns confidential and/or anonymous.
Section 804 Statute of Limitations for Securities Fraud
Statute of Limitations for fraud is 2 years after discovery or 5 years from violation.
Section 1107 Retaliation Against Informants
Sweeping new protections for whistleblowers Two new criminal provisions to protect whistleblowers
Title XI - Overview
Tampering with a record, destroying, mutilating or impeding, obstructing or attempting to influence an official investigation - up to 20 years. SEC can freeze "extraordinary" payments to executives, shareholders. Persons who have violated SEC laws may be barred from serving as officers or directors of public companies. Retaliation against informants is a crime, with up to a 10 year sentence
Section 201: Services Outside the Scope of Practice of Auditors
The Act lists 8 types of services that are "unlawful" if provided to a publicly held company by its auditor: 1. bookkeeping, 2. information systems design and implementation, 3. appraisals or valuation services, 4. actuarial services, 5. internal audits, 6. management and human resources services, 7. broker/dealer and investment banking services 8. legal or expert services related to audit services.
Section 906 Corporate Responsibility for Financial Reports
The CEO and CFO must certify that the periodic financial reports fully comply with 1934 Securities Exchange Act and that the information fairly presents financial condition and results of operations.
Section 302 Corporate Responsibility of Financial Reports
The CEO and CFO must certify the accuracy and completeness of annual and quarterly reports based on the disclosure control and procedures designed to ensure that the company accumulates, assesses and accurately discloses the information required in its SEC quarterly and annual reports. Periodic statutory financial reports are to include certifications that: • The signing officers have reviewed the report • The report does not contain any material untrue statements or material omission or be considered misleading • The financial statements and related information fairly present the financial condition and the results in all material respects • The signing officers are responsible for internal controls and have evaluated these internal controls within the previous ninety days and have reported on their findings • A list of all deficiencies in the internal controls and information on any fraud that involves employees who are involved with internal activities • Any significant changes in internal controls or related factors that could have a negative impact on the internal controls
Section 408: Enhanced Review of Periodic Disclosures by Issuers
The SEC is to review the financial statements and disclosures of issuers on a regular and systematic basis
Goal of SOX
To ultimately restore investor confidence in financial reporting and public capital markets.