A decade has passed since the Sarbanes-Oxley Act became law in July 2002. Enacted in response to fraud scandals at companies such as Enron and WorldCom, its corporate governance provisions were directed primarily toward public companies and their auditing firms. The statute was popular enough initially that Congress passed it overwhelmingly—99-0 in the Senate, and 423-3 in the House of Representatives.
In the following decade, however, the law now known as SOX became highly controversial and a target for frequent criticism from both business executives and politicians. Several contenders for the 2012 Republican presidential nomination called for repealing the law entirely, contending it is far too burdensome to business.
SOX even endured a constitutional challenge that reached the U.S. Supreme Court. In 2010 the court ruled, on a 5-4 vote, that one portion of the statute required minor modification to maintain proper separation of powers between the legislative and executive branches of government. However, all the justices agreed that the remainder of the law was valid.
So has Sarbanes-Oxley been effective? Frankly, it is impossible to prove definitively whether it has—or has not—worked.
The fact that Congress had to return only eight years after SOX and pass an even tougher corporate reform law might be some evidence that SOX did not actually go far enough. The 2007-2008 financial crisis led to the far more comprehensive Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. Dodd-Frank was aimed at the financial industry in particular, but also included corporate governance provisions applicable to all public companies.
Undoubtedly, SOX imposed additional costs and burdens on public companies—especially smaller ones. Many of those costs resulted from regulations of the Public Company Accounting Oversight Board, a new agency created by SOX to oversee auditing firms after auditors had failed to detect or report accounting irregularities at Enron and other companies.
Some of the accounting board’s new rules, especially those implementing the SOX Section 404 requirement that public companies assess their “internal controls” to identify and prevent fraud, may indeed be regulatory overkill. In fact, for smaller public companies, Dodd-Frank eliminated part of the SOX internal controls requirements.
But was it actually a bad idea for SOX to encourage companies and auditors to work harder to find and prevent fraud inside a company before it might bring that company down? That relates to the broader question of whether SOX may have raised the scrutiny level for potential corporate fraud or accounting irregularities—and perhaps prevented new fraud cases.
Of course, one cannot prove that Sarbanes-Oxley stopped something that never happened. But if SOX did help prevent even one or two potential Enrons or WorldComs in the past decade, the extra millions of dollars in regulatory costs would look miniscule compared to the billions of dollars that investors might have lost, directly or indirectly, if those potential fraud cases had in fact occurred.
Sarbanes-Oxley did have flaws, as the original GBR article from 2003 pointed out. Yet the law, whatever its flaws, may have also helped restore investor confidence in the stock markets, merely by demonstrating that the government would take strong action to punish and deter corporate fraud.
The stock markets fell sharply between 2000 and 2002, driven down by both the dot-com crash and the scandals at Enron, WorldCom, and other companies. The markets bottomed in October 2002, not quite three months after SOX was enacted. Then the Dow Jones Industrial Average went on a five-year bull run, nearly doubling to a record high in October 2007—until the new financial crisis would cause the markets to plummet once again. Many factors contributed to that 2002-2007 bull market, of course. But could it have been more than pure coincidence that the markets regained their footing and began to turn around soon after SOX became law?
As one can only speculate on what might have happened without the enactment of SOX, critics of the law will almost certainly remain opposed to it. But the law is not likely to be repealed. For good or ill, Sarbanes-Oxley has become a permanent part of the U.S. business environment.
 Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, 116 Stat. 745 (2002) (codified in 15 U.S.C. §§ 7201-7266 and scattered sections of 15 U.S.C. and 18 U.S.C.).
 In fact, Congressman Ron Paul, one of the 2012 Republican presidential candidates, was one of only three members of Congress to vote against Sarbanes-Oxley in 2002. In addition, Newt Gingrich, Mitt Romney, and Michele Bachmann joined Paul in calling for its repeal during the 2012 Republican primary campaign.
 Title IX, Subtitle I, § 989G(a) of Dodd-Frank provides an exemption for what the SEC calls “non-accelerated filers” from the “auditor attestation” portion of Section 404 of Sarbanes-Oxley, which requires a public company’s auditing firm to attest to and report on management’s assessment of its own internal controls.