SOX Compliance
- CA. Ramya U R
Background
SOX is a United States federal law enacted on July 30, 2002. The act was named for its
sponsors: U.S. Sen. Paul Sarbanes (D-Md.) and U.S. Rep. Michael Oxley (R-Ohio).
It mandates and improves corporate responsibility and financial disclosure, combats corporate
and accounting fraud, and restores investor confidence.
SOX established the Public Company Accounting Oversight Board (PCAOB),
1) The energy firm Enron Corporation was considered one of the largest, most successful,
and innovative companies in the United States. Around 2000, Enron unraveled in less
than two years as both the company's fraudulent practices and its executives' criminal
activities came to light. Enron’s leadership fooled regulators with fake holdings and off-
the-books accounting practices. Enron used special purpose vehicles or special purpose
entities to hide its mountain of debt and toxic assets from investors and creditors.
3) The security systems company Tyco International's financial scandal also preceded the
Act. The company's former CEO and CFO were convicted of stealing hundreds of
millions of dollars from the company, falsifying business records and violating other
business laws by commingling assets (mixing personal assets and company assets).
Applicability of Act
1) All public companies
2) Private companies that are preparing for an IPO, and Special Purpose Acquisition Companies
(listed on a stock exchange with the purpose of acquiring a private company, thus
making the private company public without going through the initial public offering
process)
3) Foreign companies that are publicly traded and do business in the United States.
Important sections
1) Section 302 "Corporate Responsibility for Financial Reports"
Signing officers (CEO and CFO) must make specific certifications at the end of each
quarterly and annual reporting period. The certifications cover:
• No untrue statements in the report
• Fair presentation in all material respects
• Responsibility for design and maintenance of disclosure controls and procedures
as well as internal controls over financial reporting
• Not based on a specific criterion (approach based on risk).
3) Companies that fail to comply: delisted from the public stock exchange
2) The nature, timing, and extent of procedures that are necessary to obtain an
understanding of internal control depend on the size and complexity of the company, and on:
• The auditor's existing knowledge of the company's ICFR
• The nature of the company's controls, including the company's use of IT
• The nature and extent of changes in systems and operations, and
• The nature of the company's documentation of its ICFR.
3) Obtaining an understanding of internal control includes evaluating the design of
controls. Procedures to obtain evidence about the design effectiveness of controls are:
• Inquiry
• Observation
• Inspection
• Walkthroughs
4) ICFR can be described as consisting of the following components (internal control
framework):
• Control environment
• Risk assessment process
• Information and communication
• Control activities, and
• Monitoring
FAQ
Question: Is SOX applicable in India?
Answer: Yes, if the Indian company is listed and traded in the US market. If not, “Clause 49” of
the listing agreement applies; it came into effect from 31st December 2005 and is mandatory for all
listed companies. Under it, the CEO or CFO certifies acceptance of, and responsibility for,
establishing and maintaining ICFR.