The Sarbanes–Oxley Act of 2002 (Pub.L. 107-204, 116 Stat. 745, enacted July 30, 2002), also known as the 'Public Company Accounting Reform and Investor Protection Act' (in the Senate) and 'Corporate and Auditing Accountability and Responsibility Act' (in the House) and commonly called Sarbanes–Oxley, Sarbox or SOX, is a United States federal law enacted on July 30, 2002. It is named after sponsors U.S. Senator Paul Sarbanes (D-MD) and U.S. Representative Michael G. Oxley (R-OH).
The bill was enacted as a reaction to a number of major corporate and accounting scandals including those affecting Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These scandals, which cost investors billions of dollars when the share prices of affected companies collapsed, shook public confidence in the nation's securities markets.
The legislation set new or enhanced standards for all U.S. public company boards, management and public accounting firms. It does not apply to privately held companies. The act contains 11 titles, or sections, ranging from additional corporate board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the new law. Harvey Pitt, the 26th chairman of the Securities and Exchange Commission (SEC), led the SEC in the adoption of dozens of rules to implement the Sarbanes–Oxley Act. It created a new, quasi-public agency, the Public Company Accounting Oversight Board, or PCAOB, charged with overseeing, regulating, inspecting and disciplining accounting firms in their roles as auditors of public companies. The act also covers issues such as auditor independence, corporate governance, internal control assessment, and enhanced financial disclosure.
The act was approved by the House by a vote of 423–3 and by the Senate 99–0. Former President George W. Bush signed it into law, stating it included "the most far-reaching reforms of American business practices since the time of Franklin D. Roosevelt."
See our detailed overview for public companies via this link here.
Comprehensive Overview
We thought this information would be interesting to our readers.
As many of you know, since March of this year, I have been in Spain, Italy, all over China (several times), and all over the US implementing Sarbanes-Oxley requirements using our SOX Compliance Made Simple © product with great success.
Since the permanent reprieve for Section 404(b) for non-accelerated filers, or, those companies with a market capitalization under $75 million was granted last month (via the Wall Street Reform Act), we haven't slowed down. In fact, just last week we won our largest client to date and several other smaller clients for our SOX Basic © product! We are seeing a significant uptake in demand for our control rationalization services where we perform an analysis of existing control counts against our best-practice library of internal controls to identify redundancies and over-control. To this end, we successfully completed this type of service for iMergent who has Deloitte as external audit (see the press release here) and we are starting on another rationalization project this week. In addition, we have won several new clients for testing services.
Needless to say, Sarbanes-Oxley demand is up, actually, more so than last year at this time. We contribute this demand to a healthier economic environment and to the need for procedure to ensure accurate financials and efficient staff (which any company in the world could benefit from). Learn more about our products here.
One Day SOX Implementation for Expanding Gold Mining Company
PETALUMA, Calif. - August 24, 2010 -
Vibato recently completed a SOX implementation for Golden Phoenix Minerals, Inc. (OTC Bulletin Board: GPXM). They are a Nevada-based mining company (www.Golden-Phoenix.com) whose focus is Royalty Mining in the Americas, who engaged Vibato to re-engineer their SOX environment to establish a strong internal control infrastructure for their future growth plans. Vibato delivered a product suite consisting of a risk assessment, segregation of duties analysis, control matrix with complete supplemental documentation, and fully-integrated testing plans, in just one day on-site.
“Our previous experience with SOX had been a disappointment, with six consultants providing an onerous set of documentation that was designed for manufacturing and not mining,” said J. Roland Vetter, chief financial officer of Golden Phoenix Minerals, Inc. “But our experience with Vibato could not have been better. They actually got our accounting staff to look forward to working on SOX-related activities again, and we are counting on them to support our SOX testing and expansion efforts as we grow.”
“We never like to hear SOX implementation horror stories, but we are always excited when the real value of our approach is recognized,” said Bill Bockwoldt, chief executive officer of Vibato. “Companies like Golden Phoenix, who are beginning to experience rapid growth, must be able to rely on their internal controls automation and scalability to facilitate their expansion."
Vibato continues to expand their roster of satisfied clients, while seeking to build stronger relationships with consulting and services firms who offer expertise in the areas of audit, compliance and risk management. Vibato’s unique approach has been benchmarked against the Big Four audit plans and has been deployed successfully across a diverse array of industries and companies. Vibato solutions focus on scalability, standardization, modularity, and efficiency to deliver the most compelling compliance tools available for companies of all sizes, across any type of industry.
About Vibato
Vibato, LLC is dedicated to providing the most cost-effective compliance solutions available. Our mission is to help you reduce audit and compliance fees, improve financial transparency, and run your business more efficiently. For more information, please visit us at www.vibato.com or contact us directly at mail@vibato.com.
One Week Implementation Effort Produced a One-Year ROI
PETALUMA, Calif. - August 11, 2010 - Vibato announces the completion of a recent process reengineering project for iMergent, Inc. (AMEX: IIG), a leading provider of proprietary e-commerce software platforms and portfolio services with multiple subsidiaries. iMergent engaged Vibato to reengineer their internal control infrastructure, implement best-practice controls, and provide a fully-integrated testing environment. Vibato implemented a high level risk assessment, six process control cycles and a segregation of duties analysis to give iMergent an improved internal control environment for their 2011 fiscal year, ready for testing work, and reviewed the transition for completeness and accuracy with their external auditors. The process was completed in four days, with active participation by iMergent’s finance organization.
“We wanted a revamp of our internal control environment with a focus on controls reduction and an integrated environment by having more direct and precise controls. We were very impressed with the efficiency and scalability of Vibato’s approach, especially considering our business complexity,” said Jonathan Erickson, Chief Financial Officer of iMergent, Inc. “The significant reduction in controls from 339 down to 107, combined with the integrated testing capabilities, will allow us to be more efficient in our processes and testing. This is a great example of Vibato’s value-driven focus and commitment to customer success.”
“Our tools are designed specifically for this type of implementation project, even for complexities in such areas as software revenue recognition” said Bill Bockwoldt, Chief Executive Officer of Vibato. “I believe our success with iMergent is a clear indication that our unique approach to managing internal controls for financial reporting continues to position us as the most cost-effective compliance provider in this area today.”
iMergent, Inc. (AMEX: IIG) provides proprietary e-commerce software platforms and portfolio services, through their StoresOnline and Crexendo subsidiaries, including web design and development, custom programming, SEO services and internet marketing and training to entrepreneurs and businesses, enabling them to sell and market their products or services over the Internet. For more information, please visit www.imergentinc.com.
Vibato, LLC is dedicated to providing the most cost-effective compliance solutions available. Our mission is to help you reduce audit and compliance fees, improve financial transparency and run your business more efficiently.
This was an excellent article on why it is more important than ever to accurately document your company-specific risk exposure. The SEC Top 10 List of most frequently questioned issues over the last two years includes “Ineffective internal or disclosure controls”, an area that we believe will be receiving even greater scrutiny in light of the recent Sarbanes-Oxley 404(b) exemption for non-accelerated filers.
You can read the full article here.
The Public Company Accounting Oversight Board has made a concept release on the "Possible Rulemaking Approaches to Complement Application of Section 105 (C)(6) of the Sarbanes-Oxley Act of 2002."
If you would like to view the press release detailing the PCAOB's reasons for making this release, please click here.
To view the actual release and rule filings, please click here.
Now that the wait for the 404(b) reprieve is over, it appears that a new trend is emerging to investigate 404(a) statements more closely, as expressed in recent articles on investor and auditor sentiment regarding the legislative change. We are hearing from auditors directly that they will be applying more scrutiny to 404(a) statements made by their clients in their financial reports, to ensure that there is a real basis for self-certification. The newly aggressive SEC and DOJ are expanding personnel and focusing on Corporate Governance and the role of Audit Committees, Directors and Company Officers in Compliance and Financial reporting.
Section 404(a) includes many of the same requirements that 404(b) sought to examine:
- The annual assessment must be performed by both a Competent and Objective party per SEC guidelines.
- Companies must still include a certification by the Chief Executive Officer and Chief Accounting Officer that they tested financial controls as part of annual yearly 10K statements.
- The establishment and documentation of internal controls around financial reporting and the systems used to produce financial reports (this includes IT-related controls).
- Testing of these internal controls to prove that they are in place and functioning as specified.
- Attestation (Section 302) by executive management that all controls are in place and have been tested as working.
- Compliance with this legislation since 2007 (which means you should have been doing this, per existing law, for the last 3 years already).
While many wonder if the “self-certification” aspect lets the auditors off the hook, it may become a new yardstick by which external auditors will evaluate annual financial reports, and hence many of the same questions asked during a 404(b) audit will still apply. If auditors cannot find basis for these certifications, it may open up a new area of investigation that could inevitably lead to the same type of scrutiny (and cost) applied to a 404(b) implementation engagement.
We believe that companies would be well-served by being prepared for these types of inquiries from both their investing public and their external audit partners.
Here at Vibato, we were recently questioned about what the Wall Street Reform Act means for non-accelerated filers with June 30th year-ends. Some lawyers have been claiming that the Wall Street Reform Act will be retroactively applied to these companies, so we contacted the SEC about the issue.
Through speaking with members of the SEC, we found that SOX 404(b) exemption will not be retroactively applied to non-accelerated filers with a June 30th year end. However, what really matters for non-accelerated filers is the date that they file(d) their Form 10K as per Rule 12b-10. If the non-accelerated filer filed their 10K form before 21 July 2010 (the date the President signed the Wall Street Reform Act), then they must comply with SOX 404(b). If they file their 10K form after 21 July 2010, they do not have to comply with SOX 404(b). So for non-accelerated files with a June 30 year end, the real question is when was/will their Form 10K be filed. This determines whether or not their 10K form must be compliant with SOX 404(b).
In simplest terms, when you make a Form 10K filing, you must comply with the laws in place at the time of your filing, even if the law changes after your filing.
POST UPDATE:
From the AICPA:
The Act exempts non-accelerated filers from compliance with SOX Section 404(b) requirements which relate to the independent auditor's attestation on the effectiveness of issuer's internal control over financial reporting. Without this exemption, non-accelerated filers would have had to comply with SOX Section 404(b) beginning with their annual reports for fiscal years ending on or after June 15, 2010, the expiration of the SEC's deferral period.
SEC Chairman Mary Schapiro on July 20, 2010 during her testimony before the U.S. House of Representatives Committee on Financial Services, Subcommittee on Capital Markets, Insurance and Government-Sponsored Enterprises on the Oversight of the SEC: Evaluating Present Reforms and Future Challenges indicated that the SEC will make it clear that they will not expect issuers to comply with SOX Section 404(b) if they are otherwise exempted under the law.
Read more at the link.
The article below was sent from a dear friend of mine and fellow SOX enthusiast, Clark Keeler, Director, BPM. I find the article to have a significant amount of irony considering it claims that "American business people of a conservative nature have been dreaming about driving a stake through the heart of the Sarbanes-Oxley act ever since the legislation was passed..." It would seem to me that if a person was truly fiscally conservative, they would consider Sarbanes-Oxley to be the prudent choice rather than the radical one. Internal controls require there to be a check point in a business procedure that requires someone other than the preparer of the documentation to verify the accuracy of what was prepared. This verification prevents someone from acting alone when making decisions about shareholder assets (physical assets, capital, intangible assets, etc). I am of the opinion that this double check adds a necessary layer of review considering the potential for fraud, errors, omissions, etc. Considering all that we at Vibato, LLC have found when testing internal controls, this is no longer just opinion but rather, fact. Read more on the article here:
“Two cheers for Sarbanes-Oxley
The Supreme Court gets it right by tweaking, but not overturning, the controversial legislation
Jun 29th 2010
AMERICAN business people of a conservative nature have been dreaming about driving a stake through the heart of the Sarbanes-Oxley act ever since the legislation was passed, back in 2002, in the wake of the Enron, Tyco, WorldCom and Global Crossing scandals. George Bush rightly described the legislation as “the most far-reaching reforms of American business practices since the time of Franklin D. Roosevelt”. But to its critics it is far-reaching in the wrong direction. The American Enterprise Institute, a right-wing think-tank, has dismissed Sarbox as a “colossal failure”. Ron Paul, a Texan libertarian, has argued that it puts America at a competitive disadvantage. The Wall Street Journal thunders that it has “imposed hundreds of billions of dollars in costs on business with no noticeable decline in financial scandals”. Newt Gingrich has urged Congress, the body that he once dominated, to repeal the act.”
See the full article here.
Yesterday the PCAOB released a news release about the Wall Street Reform Act's passage yesterday morning.
Please follow this link to read the whole release.
"From the PCAOB:
Washington, D.C., July 21, 2010 – Today’s enactment of the Dodd-Frank Wall Street Reform and Consumer Protection Act facilitates the PCAOB’s ability to share information with foreign auditor oversight authorities and closes gaps in the Board’s authority to oversee audits of brokers and dealers."