Sarbanes-Oxley (SOX)

There are various approaches to corporate governance which have developed throughout the world. Generally they all follow the  same ideas.

• A rules-based approach instils the code into law with appropriate penalties for transgression.
• A principles-based approach requires the company to adhere to the spirit rather than the letter of the code. The company must either comply with the code or explain why it has not through reports to the appropriate body and its shareholders.

The UK model is a principles-based one, although since adherence is part of stock exchange listing requirements it cannot be considered to be voluntary for large companies.

The US model is enshrined into law by virtue of Sarbanes-Oxley (SOX). It is, therefore, a rules-based approach.

Choice of governance regime

The decision as to which approach to use for a country can be governed by many factors:

• dominant ownership structure (bank, family or multiple shareholder)
• legal system and its power/ability
• government structure and policies
• state of the economy
• culture and history
• levels of capital inflow or investment coming into the country
• global economic and political climate.

Comply or explain

A principles-based code requires the company to state that it has complied with the requirements of the code or to explain why it could not do so in its annual report. This will leave shareholders to draw their own conclusions regarding the governance of the company.

Arguments in favour of a rules-based approach

Organisation's perspective:

• Clarity in terms of what the company must do - the rules are a legal requirement, clarity should exist and hence no interpretation is required.
• Standardisation for all companies - there is no choice as to complying or explaining and this creates a standardised and possibly fairer approach for all businesses.
• Binding requirements - the criminal nature makes it very clear that the rules must be complied with.

Wider stakeholder perspective:

• Standardisation across all companies - a level playing field is created.
• Sanction - the sanction is criminal and therefore a greater deterrent to transgression.
• Greater confidence in regulatory compliance.

Arguments against a rules-based approach

Organisation's perspective:

• Exploitation of loopholes - the exacting nature of the law lends itself to the seeking of loopholes.
• Underlying belief - the belief is that you must only play by the rules set. There is no suggestion that you should want to play by the rules (i.e. no 'buy-in' is required).
• Flexibility is lost - there is no choice in compliance to reflect the nature of the organisation, its size or stage of development.
• Checklist approach - this can arise as companies seek to comply with all aspects of the rules and start 'box-ticking'.

Wider stakeholder perspective:

• 'Regulation overload' - the volume of rules and amount of legislation may give rise to increasing costs for businesses and for the regulators.
• Legal costs - to enact new legislation to close loopholes.
• Limits - there is no room to improve, or go beyond the minimum level set.
• 'Box-ticking' rather than compliance - this does not lead to well governed organisations.

Sarbanes-Oxley (SOX)

In 2002, following a number of corporate governance scandals such as Enron and WorldCom, tough new corporate governance regulations were introduced in the US by SOX.

• SOX is a rules-based approach to governance.
• SOX is extremely detailed and carries the full force of the law.
• SOX includes requirements for the Securities and Exchange Commission (SEC) to issue certain rules on corporate governance.
• It is relevant to US companies, directors of subsidiaries of US-listed businesses and auditors who are working on US-listed businesses.

Key points

Measures introduced by SOX include:

• All companies with a listing for their shares in the US must provide a signed certificate to the SEC vouching for the accuracy of their financial statements (signed by CEO and chairman).
• If a company's financial statements are restated due to material non-compliance with accounting rules and standards, the CEO and chief finance officer (CFO) must forfeit bonuses awarded in the previous 12 months.
• Restrictions are placed on the type of non-audit work that can be performed for a company by its firm of auditors.
• The senior audit partner working on a client's audit must be changed at least every five years (i.e. audit partner rotation is compulsory).
• An independent five-man board called the Public Company Oversight Board has been established, with responsibilities for enforcing professional standards in accounting and auditing.
• Regulations on the disclosure of off-balance sheet transactions have been tightened up.
• Directors are prohibited from dealing in the shares of their company at 'sensitive times'.

Internal control statement (s404)

Sarbanes-Oxley Act section 404 requires management and the external auditor to publish a statement for external usage that reports on the adequacy of the company's internal control over financial reporting. This is the most costly aspect of the legislation for companies to implement, as documenting and testing important financial manual and automated controls requires enormous effort.

The cost of complying with s404 impacts smaller companies disproportionately, as there is a significant fixed cost involved in completing the assessment.

The requirement is that a company's published annual report should include an internal control report of management that contains:

(1) A statement of management's responsibility for establishing and maintaining adequate internal control over financial reporting for the company. This will include reference to the fact that an effective system of internal control is the responsibility not just of the CFO but the CEO and the senior executive team as a whole.

(2) A statement identifying the framework used by management to conduct the required evaluation of the effectiveness of the company's internal control over financial reporting.

(3) Management's assessment of the effectiveness of the company's internal control over financial reporting as of the end of the company's most recent fiscal year, including a statement as to whether or not the company's internal control over financial reporting is effective. The assessment must include disclosure of any material weaknesses in the company's internal control over financial reporting identified by management. Management is not permitted to conclude that the company's internal control over financial reporting is effective if there are one or more material weaknesses in the company's internal control over financial reporting.

(4) A statement that the audit firm that audited the financial statements included in the annual report has issued an attestation report on management's assessment of the company's internal control over financial reporting.

Key effects of SOX

• personal liability of directors for mismanagement and criminal punishment
• improved communication of material issues to shareholders
• improved investor and public confidence in corporate US
• improved internal control and external audit of companies
• greater arm's length relationships between companies and audit firms
• improved governance through audit committees.

Negative reactions to SOX

• Doubling of audit fee costs to organisations
• Onerous documentation and internal control costs
• Reduced flexibility and responsiveness of companies
• Reduced risk taking and competitiveness of organisations
• Limited impact on the ability to stop corporate abuse
• Legislation defines a legal minimum standard and little more.

Rating :	Ratings & Comments  (Click the stars to rate the page)

Tags:	Corporate governance;Sarbanes Oxley;SOX;Internal control statement;s404