Time flies, right? One minute Enron and WorldCom are going under, and before you know it your newborn daughter is a college junior.
That’s where my brain went this week I realized the Sarbanes-Oxley Act had turned 20.
SOX is an established part of the accounting and finance landscape these days, but 20 years ago it turned our profession on its head. Pushed through Congress in response to the spate of high-profile corporate bankruptcies and accounting scandals of 2001 (and named in part for Maryland Sen. Paul Sarbanes, who co-sponsored the bill), the law was enacted on July 30, 2002 as a way to improve auditing, transparency, and disclosure at public companies. For good measure, it created the Public Company Accounting Oversight Board, and a new era of accounting-related regulation and legislation was begun.
Twenty years later, has it made a difference? The National Law Review points to direct, long-lasting impacts on public companies’ internal controls, documentation, and processes. Beyond that, there have been a number of indirect impacts as well.
While transparency and public confidence in public companies have improved, an increasing number of companies have delayed or outright rejected the idea of going public, mostly due to the costs of SOX compliance.
Data privacy and protection might indirectly be improved as a result of SOX compliance. “SOX’s internal control requirements have caused corporate management to create policies and protocols to protect the integrity and storage of their company’s financial information,” The National Law Review writes. “Because these systems are already in place, corporations may now extend these and similar processes and procedures to protect their company’s non-financial and customer data as well.”
Finance professionals are now looking at the history of SOX compliance for guidance on how they should comply with new regulations surrounding environmental, social, and governance (or ESG) factors.
For all of Sarbanes-Oxley’s impact, even more should be done, particularly in the area of auditor independence, says SEC Chair Gary Gensler. In a webinar commemorating the law’s 20th anniversary, Gensler said some firms might be showing signs of slipping back into pre-SOX consultancy habits that put the profession in the spotlight in the first place, and that the PCAOB should take another look at existing auditor independence standards.
“PCAOB inspections continue to identify independence and lack of professional skepticism as perennial problem areas,” he said. “Given the growth in the size and complexity of non-audit services, it is important that audit firms maintain a culture of ethics and integrity — placing the highest priority on auditor independence throughout the firm, not just in the audit practice.”
So yeah, SOX is still a thing — and given new trends like ESG and data privacy, it might be more of a thing than ever.
It’s just more evidence that increasing legislation and regulation is a “hard trend” that will have greater impact on the profession as time moves forward — and that future-readiness is a skill we all must master, and soon.