By Resolver Modified February 7, 2021
The Sarbanes-Oxley Act, better known simply as SOX, was a landmark bill passed in 2002 to prevent misleading financial reporting practices and other instances of fraud. Passed in response to major corporations such as Enron, the act forced any business listed on the New York Stock Exchange, including foreign companies, to comply with these new accounting standards.
For years, foreign entities enjoyed a number of benefits by becoming a public company in the United States. As a report from Morrison & Foerster notes, these advantages include increased visibility and prestige, ready access to the U.S. capital markets (which are still among the largest in the world), the ability to attract and reward key talent acquisitions by offering stock in the company’s growth, and the power to send credible signals to the market that the organization will protect minority shareholder interests.
SOX has a wide-reaching jurisdiction, and any company with a dual listing on a U.S. exchange that has 500 or more U.S.-based shareholders needs to make itself compliant. Understandably, a number of foreign companies were frustrated when they discovered SOX would affect them as well as American organizations. Many delisted and went private as a result – back in 2006, a study conducted by Mazars found 17 percent of European companies considered the option.
However, several key advantages of being a public company in the U.S. still exist. This fact has encouraged a number of companies to comply with SOX standards rather than part ways with U.S. exchanges. The same Mazars poll noted that 43 percent of European companies believed the benefits of SOX outweigh its costs, while that number skyrockets among Asian and Latin American firms, with 72 and 81 percent of respondents, respectively, agreeing with that notion.
Before SOX, most companies already had hundreds or even thousands of documented controls in place. However, the reporting and evaluation of these controls is what SOX revolutionized – now companies must ensure that compliance work is being performed on a consistent and continual basis, with the results of these tests reported through annual or quarterly documentation.
“Although almost all Sarbanes-Oxley programs have been structured around using the COSO framework, too few businesses have really used the monitoring component of this internal control framework,” Adrian Giles, a senior partner at venture specialists Venesis, explains. “Many are too focused on the detailed control activity and the level of detail documented for both the design and operational effectiveness of those controls. Far greater value could be achieved if they increased the focus upon monitoring transactions for control compliance.”
Section 302, one of the key sections of SOX, requires chief executive officers and chief financial officers to both sign off on documentation and certify that financial statements are accurate based on these controls and are true measures of a company’s standings. Previously, companies only needed the word of the auditor in charge.
Section 404 was another landmark component of the bill, which also requires both executive management and auditors to report on the adequacy of the controls set in place. Again, this forced many companies to change how they managed controls in an effort to reach compliance.
Foreign companies need to consider SOX compliance just as much as any American company. While meeting these standards will cost money, the benefits largely outweigh the negatives and can create real advantages for international organizations looking to develop credibility in the marketplace.