Why SOX Exists
The Sarbanes-Oxley Act of 2002 was enacted after Enron, WorldCom, and other corporate scandals. It created the PCAOB to oversee audits of public companies, established new independence rules, and required management assessment of internal controls.
Key SOX Provisions
Section 302: CEO/CFO must certify financial statements. Section 404: Management must assess internal controls; auditor must attest to that assessment. Section 802: Criminal penalties for destroying documents. Section 906: Criminal penalties for false certifications.
The PCAOB
The Public Company Accounting Oversight Board registers and inspects audit firms, establishes auditing standards (AS series), and can impose sanctions. It replaced the AICPA's role in setting auditing standards for public company audits.
Audit Committee Requirements
SOX requires that audit committees of public companies be composed entirely of independent directors. At least one member must be a financial expert. The audit committee is responsible for appointing, compensating, and overseeing the external auditor.