The Sarbanes Oxley Act 2002 was enacted in the wake of corporate scandals like Enron et al and investor pessimism. It aims at imbibing optimism in a failing economy by improving the accountability of managers to shareholders and bringing greater transparency in corporate operations.

The SoX primarily applies to companies registered under the Securities Act, 1934, i.e. companies with more than $10 million in assets whose securities are held by more than 500 owners and are publicly traded.

Private companies and non-profit organizations are not governed by the letter of the SoX law but by its spirit. Private companies can gain from the well-documented internal controls and governance policies, which will attract investment capital at a lower cost. Also, it would provide more systematic information to the management to enable them to make a more informed decision. Evaluating business controls can contribute to effective and profitable business processes.

The provisions of SoX are wide-ranging. It requires the establishment of an accounting-oversight board. The statute prohibits audit firms from undertaking a variety of non-audit work for their clients with a view to prevent conflict of interest. It requires companies to establish independent audit committees.

Company loans to company executives are forbidden. Top executives are required to certify the company accounts. Further, there is extended protection for whistleblowers- no company may “discharge, demote, suspend, threaten, harass, or in any other manner discriminate against an employee,” because of any lawful provision of information about suspected fraud.

Measures that matter
Till date, the law’s most onerous provision is its section 404. This provision makes managers responsible for maintaining an “adequate internal control structure and procedures for financial reporting,” and demands that a company’s auditors “attest” the management’s assessment of these controls and disclose any “material weaknesses”. Criminal penalties may be awarded for non-compliance.

The other requirement is that of independent directors. SoX mandates that the corporate audit committee be comprised of independent directors it also recommends at least one financial expert member in the audit committee or if there is none, the company is required to disclose and explain the reason for the absence of one.

In addition, SoX requires all public companies to disclose whether or not they have adopted a code of ethics governing the behavior of senior financial officers. It also mandates disclosure of any subsequent changes to the code. The purpose of the code of ethics is to promote “full, fair, timely and understandable disclosure” and “compliance with the applicable governmental rules and regulations”.

Public Companies
This year, for the first time, small business issuers and foreign issuers were required to file their reports as required by section 404 of SoX for the fiscal year ending on or after April 15, 2005. Large public companies started this new practice in the fiscal year ending on or after June 15, 2004.

Accountants and companies alike have gone overboard in complying with the law. Attorneys/accountants have been overly cautious in interpreting the statute. They would rather err on the side of caution. This has resulted in huge costs for companies, nightmares for all the IT personnel implementing the SoX and, at the end of the day, reduced profits for investors.

On a brighter note, these could be teething problems. Once the corporate compliance systems are in place it would result in providing investors with a greater transparency in corporate functioning.

Private Companies
The SoX compliance provisions are of special significance to private companies who are anticipating an Initial Public Offering or acquisition by a public company. Being SoX compliant would increase the probability of a smooth deal and reduce the risk of post-deal disruptions.

So what private companies would be required to do? For starters, they have to set up strong internal controls over processes generating financial information and documentation. They have to appoint independent directors, and an audit committee to vet their accounts. Based on the cost/benefit analysis, private companies could then gradually scale up SoX compliance procedures as they draw closer to offering an IPO.

Investors
So do the small investors really have enough reason to go gung-ho over SoX?
Under SoX, companies are required to make more disclosures, have tighter internal controls and comply with stricter financial reporting. This translates into cleaner and meaner investments. But the costs of compliance are high, which dip the company’s profit. At the end of the day, it is borne by the small investor in the form of reduced returns on investment. Also, can they really cope with the information overload generated by SoX compliance? That being said, SoX is, at least, a step in the right direction. There is hope in the eyes of the investor. One of the unintended consequences of the SoX enactment is that it has provided a bonanza for accountants and auditors. SoX compliance has become a meal ticket to many.

Conclusion
Two and half years since its enactment, SoX is already mired with controversy and is still a work-in-progress. Although intended to improve the quantity and quality of financial information available to investors, it has sadly led some companies to seek relatively unregulated forms or jurisdictions. Yet, the costs associated with SoX compliance are an investment for the future. The returns will be reaped.

Manisha Aurora & Snehal Patil are associates at the Chugh Firm and can be contacted at info@chugh.com