Sarbanes-Oxley: Five years on

Posted by Reading Time: 2 minutes

By Andy Scott

Aug. 2 – Monday was the fifth anniversary of the signing of the Sarbanes Oxley Act, a law that has had a huge impact on business and accounting practices both in the United States, and overseas.

One will remember that as a result of the financial scandals in the United States like the spectacular meltdown of public companies like Enron and WorldCom, and the subsequent conviction of their accounting firm Arthur Andersen, The U.S. Congress wrote, and President Bush signed into law, the Sarbanes-Oxley Act of 2002 (SOX). The intent of the act was to address structural internal accounting control weaknesses that affect the capital markets and may contribute to massive stockholder losses, substantial misstatements in the financial statements, the failure of boards of directors and public accountants to detect and correct errors on a timely basis, and the failures of stock analysts to detect weaknesses in financial information.

The impact of SOX on businesses in China was that all accounting firms now had to be registered with the newly created Public Company Accounting Oversight Board (PCAOB). As we wrote in the December, 2005 issue of China Briefing:

In terms of China, you should note that the need to register includes accounting firms that are based outside of the United States if they prepare audit reports for public companies with securities traded on U.S. exchanges.

As Section 106 of the act states in part: “Any foreign public accounting firm that prepares or furnishes an audit report with respect to any issuer, shall be subject to this Act and the rules of the Board and the Commission issued under this Act, in the same manner and to the same extent as a public accounting firm that is organized and operates under the laws of the United States or any State…”

Moreover the U.S. board has authority over foreign accounting firms that play a significant role in such an audit, but do not issue a report. So your China-based accountants, whether local or foreign, must be registered for each audit. This, like some other recent U.S. legislation on national security issues, is a significant extension of the international reach of U.S. legislation.

Of course, being compliant with all the provisions of SOX, especially Section 404 which requires companies to tighten internal controls, requires time and money. A recent Wall Street Journal article stated that by the end of this year, public companies in the United States will have spent US$26 billion because of the act. The WSJ Business Technology Blog says that most of the chief information officers they spoke to about Sarbanes-Oxley say that they had to set aside more strategic projects in order to focus on compliance.

So was it all worthwhile? On one hand, IT engaged in some much-needed cleanup, fixing processes and small bugs that probably wouldn’t have gotten fixed without the regulatory whip. On the other hand, it took a lot of time and money that could have been invested elsewhere, and probably hasn’t done much to stop corporate fraud.