As passed by Congress, SOX consists of 68 sections spread over 66 pages of small type. The Act prescribes auditor behavior, analyst behavior, corporate employee and officer behavior, and establishes rules to follow and an oversight board for monitoring financial statements. The Act closes with a set of draconian punishments for those who violate its provisions, including prison terms and fines of up to $25 million.
Had the standards mandated by SOX been in place before the ethical lapses of Enron, WorldCom and Charter Communications, the attorneys, accountants, and management purportedly serving the shareholders of those firms would have been less likely to have engaged in their misdeeds because they would have faced the severe penalties mandated by SOX. In addition, SOX prescribes more rigorous and formal corporate controls over the finances of the company that would have discouraged misbehavior. These issues will be discussed later in this paper.
The good news regarding SOX is that its provisions apply only to businesses required to be registered with the Securities and Exchange Commission.
The bad news, at least in this author’s opinion, is that SOX establishes a set of standards to which all businesses will be compared in court proceedings involving the issues addressed by SOX. That news, however, is not as bad as it may seem. SOX offers sound prescriptions for all companies, publicly traded or not. Furthermore, most non-public companies would be wise to do voluntarily many of the things required of publicly traded companies. By doing so, companies will provide themselves and their officers protection from shareholder litigation in two ways:
- Companies that follow the SOX standards are less likely to have difficulties in the areas covered by SOX because their procedures will help them anticipate and avoid those problems.
- Companies that do experience difficulties despite having adopted SOX standards can point to their procedures as good faith efforts both to recognize the problems in advance and to avoid covering them up.
What standards does SOX promulgate?
SOX has many sections that deal with issues not strictly relevant to non-public businesses. Those titles will not be covered in this article. SOX also contains two sections, Titles III and IV, that are directly relevant to all entities. The sections below deal with the important standards from Titles III and IV.
Audit committee: SOX mandates an audit committee for public firms. Audit committee members must have no consulting relationship with the company (other than their service on its Board of Directors). SOX mandates that at least one member of the audit committee shall be a financial expert (someone knowledgeable regarding Generally Accepted Accounting Principles).
The audit committee envisioned by SOX serves at least two functions:
- To select the firm’s auditor and oversee the firm’s audit. The audit committee is ultimately responsible for the financial records of the company and for the firm’s audited financial statements.
- To serve as a point of contact for those wishing to provide information regarding irregularities in the firm’s accounting, accounting controls or audit. SOX mandates that such information may be provided anonymously and that whistleblowers providing true information may not be punished for providing such information.
It can only be an advantage to the shareholders of a firm to have accurate and complete financial information. Non-public companies should find it easy to establish an audit committee as part of the board of directors, even if those non-public companies are receiving reviewed or compiled financial statements.
Officer responsibility for the annual report: SOX mandates that the officer signing a company’s annual report shall have reviewed it. That officer must certify that the annual report contains no untrue statements and that it presents all material (significant) facts regarding the firm.
SOX also requires that the officer signing the report must either certify that the firm has an adequate system of internal controls in place or disclose the inadequacies in the firm’s internal control system. He or she must also disclose any fraud (even if immaterial) that involves management or other employees who have a “significant role in the issuer’s internal controls.”
The standards required by SOX for public firms are standards that every non-public firm shareholder should embrace. Those standards provide the minimum financial protections that an investor should enjoy: a financial report that has been reviewed by a knowledgeable officer and internal controls that protect the integrity of the financial statements.
Audited internal controls report: SOX mandates that the firm provide an internal controls report. That report must state that management is responsible for an adequate internal control structure and should further assess the effectiveness of such internal controls.
The firm’s auditors are required to provide an attestation regarding the firm’s report on its internal controls, stating that the auditor has examined the internal controls report and stating whether the auditor finds it accurate and adequate in scope.
This section of SOX simply underscores the importance of internal controls and provides a separate report and attestation on those internal controls. Although it may not be necessary for a non-public firm to go through the extra costs of an attest report on its internal controls, internal controls should be carefully examined by the auditor to assure that such controls are effective.
Responsibilities of the firm’s outside attorneys: SOX mandates that the company’s outside attorneys shall report any evidence of “…breach of fiduciary duty or similar violation by the company or any agent thereof to the chief legal counsel or chief executive officer of the company, and, if that person does not appropriately respond to the violation, to the audit committee of the board of directors.”
This requirement of SOX assures that the outside counsel has both a place and a duty to report violations of fiduciary duty within the firm. It requires counsel to be part of the solution to ethical violations rather than to engage in covering them up. Note, however, that outside counsel’s duty ends with informing the firm of the violation, although outside counsel retains legal privilege.
Off-balance sheet transactions: Under the standards of SOX, the firm’s financial statements must disclose material off-balance sheet transactions. Part of the reason that Enron fell was due to its off-balance sheet transactions, many of which benefited the officers of the firm to the detriment of other investors. Enron’s off-balance sheet transactions would, at a minimum, have been fully disclosed under SOX standards, and it is likely that simply disclosing them would have made them unattractive to those proposing such transactions.
Code of ethics for senior financial officers: SOX requires that the firm establish a written code of ethics for its senior financial officers that reasonably promotes:
- “honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest between personal and professional relationships”;
- “full, fair, accurate, timely and understandable disclosures in the periodic reports”; and
- “compliance with applicable governmental rules and regulations.”
Shareholders have every right to expect that the officers of the firm are operating in the company’s benefit. That is both their fiduciary duty and their obligation as shareholder agents. These two SOX mandates help assure appropriate financial officer conduct for public firms. Furthermore, non-public firm shareholders should embrace these standards as well.
What should a non-public firm do in light of SOX?
The goal of financial reporting is to provide accurate and transparent financial statements to the shareholders of a firm and interested others. Whether those financial statements are provided by a publicly traded firm or by a firm whose stock is not listed, the information needs of investors are similar.
SOX provides several useful prescriptions for the non-public firm. It also provides a legal standard for the adequate conduct of a firm’s financial activities in the 21st Century. In addition, SOX codifies common sense advice found in every first year accounting textbook.
Among the important SOX provisions that all firms should adopt are the following:
- The firm should establish a written code of ethics for its senior financial staff assuring that they do the job that is reasonably expected of them, putting the firm ahead of their personal financial interests as they do those jobs.
- The firm should establish, adopt, and document internal controls that assure the user of financial statements and the firm as a whole that the firm is being well run.
- The firm should establish an audit committee of the Board of Directors to serve as a focus for the financial reporting function. Included in the assignment of that audit committee is the duty to receive complaints regarding financial inappropriateness.
- The signer of the firm’s financial report must review that report and testify that it is accurate, free of material misstatements, and that internal controls are in place to assure its accuracy.
- Corporate attorneys should have a place to report ethical violations by the firm and to assure that such violations have been acted on. Attorneys should be informed that the firm expects their diligence in this area.
- The firm must report any material off-balance sheet financial transactions. Non-public firms often engage in related-party transactions that may have the appearance of off-balance sheet transactions. Those related-party transactions may operate to the advantage of the related party and to the disadvantage of other shareholders. SOX reminds us that those transactions should be fully disclosed. In many cases, full disclosure will lead to those transactions being repudiated.
These common sense recommendations by SOX provide firms objective standards for corporate financial conduct. If implemented, they will limit corporate and corporate officer misbehavior, and they will provide a reasonable defense to shareholder complaints regarding such misbehavior.
Shareholders of a non-public firm have every right to expect that SOX-like safeguards are in place in their firms. Shareholders should press for early adoption of these SOX standards in non-public companies.