Sarbanes-Oxley Act SOX

The **Sarbanes-Oxley Act (SOX)** was enacted on 30 July 2002 in response to the Enron, WorldCom, and Tyco accounting scandals. It fundamentally restructured public-company reporting in the United States. SOX applies to issuers registered with the SEC, including foreign private issuers, and introduced obligations that have shaped audit and governance standards globally.\n\nKey sections: section 302 requires the CEO and CFO to certify the accuracy of each periodic report (10-K, 10-Q) and the effectiveness of disclosure controls. Section 404 requires management's annual assessment of internal control over financial reporting (ICFR), with an external auditor attestation for accelerated and large-accelerated filers. Section 802 imposes criminal penalties for document destruction and falsification of up to 20 years. Section 906 imposes criminal penalties for false certifications by CEO or CFO of up to 20 years and 5 million USD.\n\nSOX also created the Public Company Accounting Oversight Board (PCAOB) under section 101, ending the era of self-regulation by the audit profession. PCAOB inspects registered audit firms, sets auditing standards for issuer audits, and disciplines auditors who fall short.

You will encounter SOX as soon as a company files an S-1 with the SEC and becomes an issuer. Pre-IPO companies typically begin SOX readiness 18 to 24 months before pricing, including ICFR design, walkthroughs, control testing, and remediation. International groups with US-listed subsidiaries inherit ICFR obligations across the corporate structure.