Sarbanes-Oxley Summary

Four Ways Sarbanes-Oxley Stops Corporate Fraud

Sarbanes Oxley
Under Sarbanes-Oxley, CEOs must personally certify corporate accounts. Photo: Photo: Digital Vision/Getty Images

The Sarbanes-Oxley Act of 2002 cracks down on corporate fraud. It created the Public Company Accounting Oversight Board to oversee the accounting industry. It banned company loans to executives and gave job protection to whistleblowers. The Act strengthens the independence and financial literacy of corporate boards. It holds CEOs personally responsible for errors in accounting audits.

The Act is named after its sponsors, Senator Paul Sarbanes, D-Md., and Congressman Michael Oxley, R-Ohio. It's also called "Sarbox" or "SOX." The statute became law on July 30, 2002. The Securities and Exchange Commission (SEC) enforces it. 

Many thought that Sarbanes-Oxley was too punitive and costly to put in place. They worried it would make the United States a less attractive place to do business. In retrospect, it's clear that Sarbanes-Oxley was on the right track. Deregulation in the banking industry contributed to the 2008 financial crisis and the Great Recession.

Section 404 and Certification

Section 404 requires corporate executives to certify the accuracy of financial statements personally. If the SEC finds violations, CEOs could face 20 years in jail. The SEC used Section 404 to file more than 200 civil cases, but only a few CEOs have faced criminal charges. 

Section 404 made managers maintain “adequate internal control structure and procedures for financial reporting." Companies' auditors had to “attest” to these controls and disclose “material weaknesses."


SOX created a new auditor watchdog, the Public Company Accounting Oversight Board. It set standards for audit reports. It requires all auditors of public companies to register with them. The PCAOB inspects, investigates, and enforces the compliance of these firms. It prohibits accounting firms from doing business consulting with the companies they are auditing. They can still act as tax consultants, but the lead audit partners must rotate off the account after five years. 

SOX hasn't increased the competition in the oligarchic accounting industry, which is still dominated by the so-called Big Four firms: Ernst & Young, PricewaterhouseCoopers, KPMG, and Deloitte.

Internal Controls

Public corporations must hire an independent auditor to review their accounting practices. It deferred this rule for small-cap companies, those with a market capitalization of less than $75 million. Most (83%) large corporations agreed that SOX increased investor confidence. A third said it reduced fraud. 


SOX protects employees that report fraud and testify in court against their employers. Companies are not allowed to change the terms and conditions of their employment. They can't reprimand, fire, or blacklist the employee. SOX also protects contractors. Whistleblowers can report any corporate retaliation to the Occupational Safety and Health Administration.

Effect on the U.S. Economy

Private companies must also adopt SOX-type governance and internal control structures. Otherwise, they face increased difficulties. They will have trouble raising capital. They will also face higher insurance premiums and greater civil liability. These would create a loss of status among potential customers, investors, and donors.

SOX increased audit costs. This was a greater burden for small companies than for large ones. It may have convinced some businesses to use private equity funding instead of using the stock market.

Why Congress Passed Sarbanes-Oxley

The Securities Act of 1933 regulated securities until 2002. It required companies to publish a prospectus about any publicly-traded stocks it issued. The corporation and its investment bank were legally responsible for telling the truth. That included audited financial statements.

Although the corporations were legally responsible, the CEOs were not. So, it was difficult to prosecute them. The rewards of "cooking the books" far outweighed the risks to any individual.

SOX addressed the corporate scandals at Enron, WorldCom, and Arthur Anderson. It prohibited auditors from doing consulting work for their auditing clients. That prevented the conflict of interest which led to the Enron fraud. Congress responded to the Enron media fallout, a lagging stock market, and looming reelections. 

Bottom Line

The Sarbanes-Oxley Act was passed by Congress to curb widespread fraudulence in corporate financial reports, scandals that rocked the early 2000s. The Act now holds CEOs responsible for their company’s financial statements. Whistleblowing employees are given protection. More stringent auditing standards are followed. These are just a few of the SOX stipulations. 

Some critics though believe SOX is an expensive compliance, particularly for small companies, but its focus on high auditing quality has restored and strengthened investor confidence in U.S. companies.

Frequently Asked Questions (FAQs)

Who must comply with Sarbanes-Oxley?

All publicly traded companies in the U.S. must comply with SOX.

What happens if a company doesn't comply with Sarbanes-Oxley?

The severity of penalty for noncompliance depends on which of the 11 sections of SOX were violated. Punishment can range from paying a fine or losing an exchange listing to long prison sentences and millions of dollars in fines.

What is a Sarbanes-Oxley Audit?

It's a compliance audit done by a neutral third party to verify financial statements of a company and how they were created. The auditor will look at financial statements and interview certain employees of the company to ensure the company is in compliance with SOX.

Was this page helpful?
The Balance uses only high-quality sources, including peer-reviewed studies, to support the facts within our articles. Read our editorial process to learn more about how we fact-check and keep our content accurate, reliable, and trustworthy.
  1. U.S. Securities and Exchange Commission. “Summary of SEC Actions and SEC Related Provisions Pursuant to the Sarbanes-Oxley Act of 2002.”

  2. United States Department of Labor. “Sarbanes Oxley Act (SOX), 18 U.S.C. §1514A.”

  3. Sox-Online. “Sarbanes & Oxley.”

  4. U.S. Government Publishing Office. “Public Law 107 - 204 - Sarbanes-Oxley Act of 2002.”

  5. U.S. Government Publishing Office. “Sarbanes-Oxley Act of 2002,” Pages 57, 63, 64, 67.

  6. U.S. Government Publishing Office. “Sarbanes-Oxley Act of 2002,” Pages 12, 46.

  7. U.S. Securities & Exchange Commission. “Final Rule: Management's Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports.”

  8. PCAOB. “Standards.”

  9. U.S. Government Publishing Office. “Sarbanes-Oxley Act of 2002,” Pages 6-7.

  10. U.S. Government Publishing Office. “Sarbanes-Oxley Act of 2002,” Pages 28-30.

  11. CFA Institute. “New Public Company Auditor Disclosures.”

  12. The Big 4 Accounting Firms. “The Big 4 Accounting Firms.”

  13. U.S. Securities and Exchange Commission. “Amendments to the Smaller Reporting Company Definition.”

  14. Forbes. “The Costs and Benefits of Sarbanes-Oxley.”

  15. Harvard Business School Working Knowledge. “Counting up the Effects of Sarbanes-Oxley.”

  16. Columbia Law School. “SEC Proposes to Exempt More Firms From Required Attestation of Internal Controls,” Footnote 9.

  17. Federal Register. “Procedures for the Handling of Retaliation Complaints Under Section 806 of the Sarbanes-Oxley Act of 2002, as Amended.”

  18. United States Department of Labor. “OSHA Announces Final Rule on Procedures for Handling Retaliation Complaints Under Sarbanes-Oxley Act.”

  19. U.S. Securities and Exchange Commission. “Office of the Whistleblower.”

  20. United States Department of Labor. “Whistleblower Laws Enforced by OSHA.”

  21. U.S. Securities and Exchange Commission. “Sarbanes-Oxley Section 404: A Guide for Small Business.”

  22. Rand Corporation. “Do Benefits of Sarbanes-Oxley Justify the Costs?

  23. U.S. Government Accountability Office. “Sarbanes-Oxley Act: Consideration of Key Principles Needed in Addressing Implementation for Smaller Public Companies.”

  24. U.S. Securities and Exchange Commission. “Responses to ACSPC Request for Public Input.”

  25. U.S. Securities and Exchange Commission. “Securities Act of 1933.”

  26. U.S. Securities and Exchange Commission. “The Laws That Govern the Securities Industry.”

  27. U.S. Securities and Exchange Commission. “Market Reaction to Events Surrounding the Sarbanes-Oxley Act of 2002,” Page 1.

  28. U.S. Securities and Exchange Commission. “Audit Committees and Auditor Independence.”

  29. it Governance. "The Sarbanes-Oxley Act (SOX)."

  30. Pathlock. "SOX Audit: 8 Steps to a Successful Audit."

Related Articles