Disclosure: BestAccountingSoftware is reader-supported. When you buy products through links on our site, we may earn a commission. Learn more.

The Sarbanes-Oxley Act and What It Means for Your Business

Susan Honea

Susan Honea – 8 years experience helping businesses with bookkeeping, tax preparation and auditing

Last updated: November 3, 2020

The Sarbanes Oxley act was created in 2002 to increase investor confidence after cases of financial reporting fraud. We explain what the Sarbanes Oxley Act is and how it still impacts your business today.

The Sarbanes-Oxley Act and What It Means for Your Business

During 2001, the accounting world began to notice irregularities in financial reports coming from successful companies that sold stock on Wall Street. The first company to come under investigation for possible financial reporting fraud was Enron. Their status as a blue chip stock company—a corporation with a reputation for maintaining profit during good and bad times and being reliable for investors—became subject for debate.

What the public didn’t know was that Enron’s company officers had been sweeping large profit losses under the rug, hiding them from the investing world. When this came out, a nearly $90 share became worth pennies overnight.

The fall of Enron revealed an ugly secret in the world of large corporations selling stock on Wall Street. Enron wasn’t alone with the fraudulent financial reports; in fact, there were many others doing the same thing, attempting to look profitable to investors when instead they were taking on massive profit losses that would turn investors off had the companies been more transparent. Employees who spoke out about the fraud faced retaliation—they were blacklisted, fired, and silenced. The combination of multiple large corporations producing fraudulent financial reports prompted the federal legislative branch to do something about the ongoing problem.

Overview of the Sarbanes-Oxley Act

Senator Paul Sarbanes from Maryland and Representative Michael Oxley of Ohio introduced the Sarbanes-Oxley Act (SOX) to the U.S. Congress in early 2002. Their purpose for introducing this act was to reinstill the confidence of investors. Investors at that time began to feel wary about investing in companies that were supposed to be reliable when in fact there was nobody—thus, no oversight—preventing the companies from producing fraudulent financial reports.

Many things changed in the accounting landscape after the law was passed. Since its inception in 1934, the Securities and Exchange Commision (SEC) had never before been given such auditory or prosecution power. The SOX act also introduced the Public Company Accounting Oversight Board (PCAOB), which regulates and investigates financial claims under the SEC. SOX was signed into law to increase public confidence in the American stock exchange, and it did this by providing many deterrents against fraud.

Most notably, CEOs and other senior officers within a publicly-traded company would now be held responsible for any illegal activity discovered by the PCAOB. SOX did this by requiring officers to sign off on financial statements, incentivizing accurate reporting on all levels. The act was also intended to protect potential whistleblowers from retaliation. Fraud, too, came at a higher price, with the act increasing the potential length of prison stays for those convicted. Non-compliance with the regulation can result in up to $1 million in fines and up to 10 years of jail time. If someone is found guilty of fraud, they can face up to $5 million in fines and up to 20 years of jail time.

Smaller companies are not generally affected by Sarbanes-Oxley. The law doesn’t come into effect until a company makes its initial public offering (IPO). First, companies must be inspected and cleared by the PCAOB before they are allowed to begin trading. Companies must also provide a description of their internal controls and allow the governing board free roam to investigate the companies’ procedures. The SEC can continue this type of investigation after the company’s IPO has been made and trading has begun. SOX essentially gives the SEC full power to conduct random company inspections. The act also requires that the SEC be given any and all information they request, and any hindrance of an SEC investigation can result in fines or jail time.

Major Provisions

Section 302 of SOX created an officer certification provision. In other words, a senior corporate officer must certify that financial statements are accurate and meet SEC requirements. If a company officer signs a financial report that has inconsistencies in it, SOX requires them to make an accounting restatement. Certifying an inaccurate return without restating financials not only jeopardizes the officer’s end-of-year bonus because potential misconduct can force the manager to lose out on bonuses according to SOX, but also can result in fines and/or jail time.

The biggest change SOX brought to the accounting world was how accounting tasks would be carried out day to day. Companies are now required to include all off-balance sheets in their quarterly reports. Off-balance sheet items are assets and liabilities that aren’t included on a company’s balance sheet. Historically, typical off-balance sheet items included accounts receivable, operating leases, and secured debt, allowing companies to hide potentially toxic assets from investors. Now, because of changes resulting from SOX provisions and subsequent investigations, all relevant information must be reported and certified as accurate.

More importantly though, independent auditors have now become the first line of defense against corporate fraud. Section 404 of SOX created the internal controls and reporting provisions that are required today in public companies. While internal controls can be expensive and time-consuming to create and implement, they are required, and they create standard protocols and transparency measures that are important to investors. In addition, independent auditors are required to monitor company financial claims and report any misconduct to the governing boards. An auditor’s failure to accurately report any fraudulent acts can result in license revocation revoked, fines, or even jail time.

Finally, Section 802 of SOX created rules around records retention and destruction. One of the biggest red flags at Enron and its accounting firm at the time, Arthur Andersen LLP, was the destruction of relevant records. Some estimates suggest that thousands of electronic documents and untold numbers of paper records may have been destroyed in the process, thus limiting independent auditors’ investigative efforts. Though records destruction can and does happen in all companies today, specific rules established by SOX require companies to meet retention and storage conditions.

Impact of the Sarbanes-Oxley Act

According to the Center of Audit Quality (CAQ), since SOX was enacted in 2002, the number of companies needing to make accounting restatements has declined. Similarly, investor confidence in audited financial statements and publicly traded companies has grown, and independent auditors who oversee large companies have expressed greater confidence in companies’ reporting. Furthermore, overall audit quality has improved, and emphasis on process improvement and deficiency correction has increased. In addition, CAC ran an independent study 15 years after the SOX Act was passed in which they asked Chief Financial Officers what they thought about the act, and 79% believed the act, specifically the 404B section, has improved the quality of information in financial reporting for investors.

The CAC polls reflect the impressions from large corporations, but what about the small business side? Publicly-traded small companies must comply fully with SOX. There are no exceptions to this requirement. Though companies that are not traded publicly (i.e., a private company, charity, or non-profit) are not required to follow all SOX regulations, some provisions (e.g., document retention and destruction protocols) can be interpreted to apply in certain legal proceedings, and the impact of those requirements can be seen as challenging to smaller companies. In other words, SOX has opened the door and established legal precedent for holding non-public companies to other “common sense” SOX standards, including independent audit, ethics violation reporting, accurate and certified financial reports, internal controls, and off-balance sheet reporting.

For example, one key SOX regulation requires that day-to-day financial management be shared across multiple people. More specifically, a single employee cannot be the sole cash counter and then post deposits and report the money earned to the general ledger (GL). The reason for this is that it leaves room for embezzlement and financial errors. Thus, additional personnel and controls may be required, creating a higher overhead expense for a small business.

The positive aspect of SOX is obviously that financial reports will be more accurate and honest, but SOX was meant to stop larger corporations from committing fraud that impacts a larger fraction of our economy. More than likely, poor financial reporting from small businesses will not impact Wall Street investors, but that doesn’t mean small businesses shouldn’t be held accountable for the same level of fraud. It just means small businesses have to spend more of their smaller profit margins to ensure they comply with SOX.

The Section 1519 Conundrum

One of the most prominent cases of a small businessman being targeted under SOX happened in 2014. A commercial fisherman named John L. Yates was sentenced to 30 days in jail as well as three years probation. While there are many varying factors in the case, Yates initially was given a civil infraction by Florida Fish and Wildlife for fishing undersized grouper. Yates was immediately ordered to dock until further investigation could be made. After the secondary investigation was completed, Florida Fish and Wildlife decided that the total number of undersized fish had decreased from the agent’s original investigation.

Yates’s crewmates claim that Yates had ordered them to throw the undersized fish overboard. Because of this, Yates was indicted on three charges: destroying property to prevent federal seizure; lying to federal agents; and destroying, concealing, and covering up the undersized fish to impede an investigation, in violation of the SOX anti-shredding provision, known as Section 1519. This was an added provision allowing the federal government to prosecute under the terms that any destroyed evidence was considered “shredding.” This is the predicament that Yates faced during his prosecution.

While the section was originally designed specifically for evidentiary documents that could be destroyed during fraud cases, it has since been used to convict anybody who attempts to destroy evidence of any type. Many critics say this is a misuse of the section. Even one of the original SOX authors has criticized the government’s use of Section 1519. Former Rep. Michael G. Oxley stated in an ABA Journal article that “the government’s reading of Section 1519 to reach destruction of any and all things, including piscine creatures, falls flat.”

On the flip side, supporters of Section 1519, including the Federal Government, say that the section is a straightforward ban on destroying evidence. Section 1519 was even used to convict Azamat Tazhayakov, a friend of Boston Marathon bombing suspect Dzhokhar Tsarnaev, for helping conceal the backpack that contained fireworks, a jar of Vaseline, and a thumb drive linked to the bombing. Section 1519 has been used in many other cases, but critics argue that there should be a separate law pertaining to the broader world of destroyed evidence while supporters claim that the provision is good enough the way it is.

Risks and Benefits

The SOX act exists in an odd judicial realm. The Department of Justice (DOJ) does not track SOX convictions, so it is hard to tell how productive the law has been. Supporters of the law have stated that, over the years, investors have become more confident with their investments. Critics argue it does little in way of reprimanding those who commit fraudulent acts. Because of the DOJ’s neglect of records, it is difficult to quantify the effectiveness of SOX. According to an article published in 2007 by CFO.com, more than 70 ex-CFOs have either pleaded to or been found guilty of violating SOX. This is all to say that there are costs and benefits to the act and its effectiveness within the marketplace.

There are several major issues with SOX. The act was created to regulate large businesses, but smaller businesses are still at risk from the act, especially if they wish to expand. Similarly, those who want to take their company public must pass an inspection by both the SEC and PCAOB before trading can begin. If for some reason either entity finds irregularities that do not amount to fraud, the company’s ability to begin public trading can be halted indefinitely.

The Yates case shows that the federal government uses the act to convict those who attempt to destroy any type of evidence during an ongoing investigation although former senator Oxley discourages the practice, specifying that Section 1519 is concerned only with documents within a fraud investigation or any financial investigation made by the SEC. The Yates case is highly interesting as he was under investigation by a state Fish and Wildlife entity yet was convicted under a federal law.

Accountants are also at risk of persecution under the SOX act. Due to the nature of the act, private accountants have become the first line of defense against fraud. Private accountants must now report any inconsistencies to the PCAOB. While penalties for not reporting are high, this still leaves room for human error and other fraudulent acts.

There is also little regulation for the accountants themselves. While all auditing must come from privately contracted accounting professionals, there is a five year limit on accounts before a new accountant must be brought in for corporate audits. After this limit is reached the accountants must rotate off the client and allow a new professional to come in, but this only has to take place for a single year. After the rotated accountant is off for one year, they can be brought back in. This can allow for fraud to take place on both industry and financial levels.

There are also some clear benefits to SOX. With SOX audits, entities such as the SEC or the PCAOB can efficiently investigate for variances and misstatements, allowing for accurate financial reporting and giving investors insight into a company’s financial information, strength of internal controls, and governance in the accounting department. Because of these types of oversights, there is a trend toward more precise financial reporting. Supporters say that due to these implementations, investors have become more confident.


Implemented to crack down on corporate fraud, the Sarbanes-Oxley Act (officially the Public Company Accounting Reform and Investor Protection Act of 2002) provided paths to regulate auditing and emphasize oversight of large publicly traded corporations. The real goal was to increase investor confidence in these companies, made possible through stringent requirements for corporate responsibility and accountability, along with augmented financial disclosures, an oversight board, strict penalties, and auditor independence. While some may find it burdensome to comply with the act, others appreciate the transparency and emphasis on ethical financial reporting.