The Sarbanes–Oxley (SOX) Act of 2002, also commonly called Sarbanes–Oxley, Sarbox or SOX, is a federal law in the United States that was enacted July 30, 2002. SOX requires executive management to individually certify the accuracy of financial information within an organization. It also introduced much more severe penalties for fraudulent financial activity.
This regulation applies to any company that is publicly traded. Similar regulations exist in countries such as Canada, Japan, Germany, France, Italy, Australia, Israel, India and South Africa.
Key provisions of SOX:
- Sarbanes–Oxley Section 302: Disclosure controls
- Sarbanes–Oxley Section 303: Improper influence on conduct of audits
- Sarbanes–Oxley Section 401: Disclosures in periodic reports (Off-balance sheet items)
- Sarbanes–Oxley Section 404: Assessment of internal control
- Sarbanes–Oxley 404 and smaller public companies
- Sarbanes–Oxley Section 802: Criminal penalties for influencing US agency investigation/proper administration
- Sarbanes–Oxley Section 906: Criminal penalties for CEO/CFO financial statement certification
- Sarbanes–Oxley Section 1107: Criminal penalties for retaliation against whistleblowers
From a technical controls perspective, corporations are required to adhere to Section 404, which requires management and external auditors to report on the adequacy of the company’s internal control over financial reporting.