In 2002, the Sarbanes-Oxley Act came into force in response to corporate financial scandals that emerged due to Enron, Tyco, Global Crossing, Arthur Andersen and WorldCom to protect shareholders and the public from accounting errors and unethical business practices. It brought major changes to the regulation of financial practice and corporate governance.

The Act covers issues related to creating a public company accounting oversight board, auditor independence, corporate responsibility and improved financial disclosure. The Act states that all business records, even electronic records and electronic messages, must be saved for five years and not less. The results for non-compliance could be fines, imprisonment, or both. For both large and small organizations compliance with the Act is mandatory, and puts the emphasis on information transparency and accountability.

Senator Paul Sarbanes and Representative Michael Oxley are the main architects, thus the name. The Act is organized into 11 titles, with sections 302, 404, 401, 409, 802 and 906 being the most significant with respect to compliance and section 404 seen as most important for internal control. The laws deal with corporate board responsibilities to criminal penalties. The Security and Exchange Commission (SEC) is required to implement rulings on requirements to comply with the Act.

Section 404 is cause for concern within corporate audit committees and internal audit departments, largely due to deadlines for compliance since the Act is new. Some companies have yet to complete a Section 404 assessment of internal control. Internal auditors, external auditors, financial management, and audit committees are learning and developing software tools, methodologies and procedures for the first time in response to the Act. Beginning in 2004, publicly-traded companies are required to submit their internal accounting annual reports to the Securities and Exchange Commission (SEC).

Compliance means that organizations or their accounting firms must:

1. Control how they process, distribute, retain, and access key financial information and supporting information in daily activities
2. Establish controls that improve the transparency of communications, identify material deficiencies, and bring notice to key information that may be essential to compliance
3. Create a compliance program that makes employees aware of their responsibilities
4. Establish checks and balances to ensure that the compliance program is followed, and review its effectiveness periodically
5. Maintain all documents and information related to any audit report

The Act requires CEOs and CFOs to certify certain information regarding their financial statements, and their system of internal control, and to forego previously paid bonuses and profits in the event of financial statement restatements.

Therefore, though the ultimate accountability lies with key company officers, responsibility also falls on various business operations and personnel are a part of financial operations.

References:

http://en.wikipedia.org/wiki/Sarbanes-Oxley_Act
http://www.sarbanes-oxley-act-compliance.com/
http://www.soxlaw.com/ --
http://softapproach.com/sarbanes-oxley-act-compliance --
http://www.gwaltrip.com/sox01.htm
http://h71028.www7.hp.com/ERC/downloads/5982-4189ENUS.pdf