Is Sarbanes-Oxley a Failing Law?

 By: Clayton Brite


The 1990s were a period of economic growth for the United States. Deregulation of the financial markets resulted in a boom in the stock market. However, this prosperity did not last. Between 2001 and 2002, several of the largest corporate accounting frauds in U.S. history occurred.[1] In response, Congress passed the Sarbanes-Oxley Act in 2002. Frequently referred to as “SOX,” this Act created new regulations for all publicly traded companies. It was intended to improve accuracy of financial statements in US public companies. There was hope that the law would restore the public’s trust in corporations and capital markets. However, there are those who do not agree that the Act will achieve these goals.

The debate continues today over the effectiveness of the Act. Proponents of SOX argue it is working and has ensured the reliability of the US financial markets. Others argue that it has stymied companies, slowed economic growth, and inhibited the United States’ emergence from this current recession. One corporate lawyer has described Sarbanes-Oxley as “a knee-jerk reaction, a badly drafted piece of legislation that…was perhaps not fully thought through."[2] Although SOX has increased oversight of public companies, I contend that the measures used and their positive effects do not outweigh their negative effects. I intend to show that Sarbanes-Oxley is overreaching and has placed unnecessary restrictions on corporations that have and will continue to unduly inhibit corporate performance until they are removed.

Background and Intended Purpose of Sarbanes-Oxley

Beginning in the early 2000s, Congress and the Bush Administration proposed numerous bills regarding corporate regulation.[3] No agreement or compromise could be reached and the creation of financial regulations stalled. After the accounting frauds at ENRON and WorldCom were exposed in March and July of 2002, Congress and the President were more willing to work with one another. At the same time, the public outcry to increase corporate legislation intensified. WorldCom had been the fourth major company in the new millennium to come public with an accounting fraud and to file for bankruptcy. Tens of thousands of their employees lost their jobs and their pensions.[4] The public demanded that Congress find a solution to this problem. Both houses of Congress acted swiftly with newly drafted bills. Rep. Michael Oxley sponsored and passed a bill in the House while Sen. Paul Sarbanes sponsored and passed a separate bill in the Senate.[5] During the deliberations in the Senate, amendments were made to increase criminal penalties. The two bills were eventually consolidated into one piece of legislation. Within the same month that WorldCom was exposed, Congress and the President had passed and signed the Sarbanes-Oxley Act into law.[6] The public applauded Congress for their fast action in developing restrictions to police and punish these companies and to create a deterrent to another accounting fraud.[7]

Highlights of Sarbanes-Oxley

The newly adopted Sarbanes-Oxley Act introduced several key measures, which brought much attention. The Act called for those who were convicted of participating in a conspiracy to commit a financial crime and those who actually committed that crime to be punished equally.[8] The Act also provided a directive to the United States Sentencing Commission to sentence convicted offenders of the same crimes uniformly. Another controversial provision required the CEO and CFO to certify the accuracy of the financial statements under the risk of penalty.[9] The Act created a distinction between “certification” and “willful certification” with regard to penalties. The reasoning behind this distinction is that public companies can have thousands of employees spread over the globe. Therefore, it could be difficult for a CEO or CFO to know for certain if the financial statements are accurate. In circumstances where it can be proven that the CEO or CFO is involved or is aware of the fraud (willful), the Act requires a harsher punishment. In order to convict, the prosecution needs to prove that the mens rea of the CEO or CFO was “knowingly” certifying the financial statements as accurate when they were not. SOX also provided for a severe penalty for a person who makes a false certification unknowingly, i.e., a strict liability standard.

Perhaps the most influential piece of the Act was Section 404, also referred to as “SOX 404.” This section, which was added in 2004, mandates the periodic testing of internal controls. Specifically, SOX 404 requires companies to test procedures that are designed to monitor and prevent manipulation of financial data.[10]

Purpose of Act

Sarbanes-Oxley was developed not only for the purpose of restoring trust but to reduce information asymmetry as well.[11] Information asymmetry is a situation in which one party in a transaction has more or superior information compared to another.[12] This is a natural occurrence between public companies and their investors because it is impossible for every investor to be intimately involved with day-to-day operations. Although complete transparency is highly unlikely to ever happen, financial reporting reduces this asymmetry by giving investors a look at the financial health and status of the companies they invest in. Both the company and the investors have a role in making this arrangement work. Investors must trust that the financial data provided by the company is accurate. This trust by investors is derived from the Generally Accepted Accounting Principles (GAAP) to which public companies must adhere. Auditors must ensure that these companies are in accordance with GAAP. The accounting frauds during 2001 and 2002 destroyed that trust. SOX was developed to prevent further inaccuracies and to rebuild lost trust. The public wanted an end to corporate fraud and called for executives to be punished. But, perhaps paradoxically, the language of SOX and the requirements it placed on companies make it appear that Congress has attempted to quiet public outcry rather than pass regulations that would prevent future frauds. Specifically, Sarbanes-Oxley has been detrimental for two reasons. First, the penalties and restrictions are too punitive in nature, which renders them ineffective. Second, the Act has added more costs, both financial and non-financial, to public companies, which have been detrimental to operations and growth.

Punitive Effects

The Act requires that the CEO and CFO certify that there are no “material misstatements” and that financials are accurate.[13] The problem is that “material misstatements” is a subjective term. It is a determination made by the company’s auditor using both quantitative and qualitative factors, which results in a dollar value threshold. This dollar value, if achieved or surpassed by inaccurate transactions, would result in the company’s financial statements being “materially misstated.” There is no standard set across all companies that must be met. In an SEC accounting bulletin, auditors were directed to not determine materiality solely on a quantifiable basis.[14] Rather, the determination was to be considered with other factors. The auditor then makes a determination whether there is a “substantial likelihood” that a “reasonable person” would consider the information important. The Supreme Court has echoed this sentiment that materiality should be left to subjective professional judgment. In TSC v. Norway, the Court stated that materiality could be defined as a substantial likelihood that the cause of action could significantly alter the “total mix” of information available to the “reasonable investor.”[15]

The Court in TSC established that a material misstatement or omission would prove a de facto violation of the Securities Exchange Act. However, how does someone reach a de facto standard with a subjective term such as “materiality”? The Court’s standard is not as clear as it would lead one to think. The Financial Accounting Standards Board (FASB) takes materiality and leaves it to experienced professionals to determine. Guidance is provided by the “reasonableness” standard discussed earlier, but variations are inevitable between public accounting firms and between individuals in these firms. It is a tool that assists the auditor in reaching their conclusion regarding a company’s financial statements. The dollar value threshold that the auditor uses to determine material misstatements is not revealed to investors or the company. This is to prevent companies from booking inaccurate transactions under the threshold in order to avoid revealing errors or fraudulent actions. The potential for manipulation by the company can be seen in the accounting fraud involving HealthSouth, Inc.[16]

Executives who fail to comply with the requirements face severe penalties. An offender faces up to 20 years in prison and/or a fine of five million dollars.[17] The only other guideline given is that these penalties should be administered equally per the SOX directive stated earlier. In other words, uniformity is a priority before determining the size or income level of the offender. There are four theories of punishment: incapacitation, deterrence, rehabilitation, and retribution.[18] In applying this framework, it would appear the penalties set forth by SOX are intended to act as either a deterrent or retribution. One could argue for retribution in the sense that these punishments are meant more for society’s benefit than any other justification. However, I would argue against retribution. The punishments under Sarbanes-Oxley have not been used in that manner. The outrage by the public waned after Sarbanes-Oxley was enacted. There has not been one instance since its enactment where the public has expressed outrage towards a CEO and the Government has felt compelled to follow. For this reason I suggest that the CEO certification and the potential punishments are used more as a deterrent by the Government. It applies extreme pressure on executives to carefully supervise their managers to ensure no fraud occurs. If this message fails to be heard by executives, they face jail time. However, when one considers this section and its potential, it is apparent that this rule is a broad and crude tool that is unfair to executives. First, to place the automatic burden on the CEO and CFO for a fraud is an unfair burden. Realistically, an executive can set the standard and stress the importance of not committing fraudulent business practices. However, for a CEO or CFO to enforce such a policy and ensure that fraud does not exist is impossible. Certain corporations have thousands of employees over several countries. It only takes one of them to commit a fraudulent act for the CEO and CFO to be held responsible. It is unreasonable to penalize an executive in New York for the conduct of a mid-level manager in San Francisco or Singapore.

Second, jail time is an ineffective method of deterrence for white-collar crime. The purpose of the jail time penalty with respect to SOX is to protect the public from the repetition of a crime and to discourage employees from committing fraudulent acts.[19] However, jail sentences are not necessary and serve little purpose with respect to white-collar crime. Today, no major progress has been made to curb financial crimes. The financial crisis of 2008 resulted in the dissolution of two Fortune 500 corporations due to lack of internal control and little enforcement of these punishments. It is my belief that assessing fines more often and increasing the amounts can accomplish more good. This coincides with Optimal Penalty Theory.[20] Recine theorizes that white-collar criminals perform an internal cost-benefit analysis when deciding to commit illegal acts. However, what is crucial to this system working is that the fines are proportional to the financial status of the person or company on whom they are imposed. In countries such as Finland, traffic fines are administered based on the severity of the offense and the income of the individual.[21] This approach is effective because all individuals now have to consider if the benefits of speeding outweigh the costs of the fines. This system coincides with Recine’s application of the Optimal Penalty Theory. If a person or persons can be identified as the perpetrator of the crime, they should be levied fines based on a percentage of their income. In addition, the corporation they work for should be fined under the same standard. Just as in Finland, the severity of the crime and the income of the individual or company should be considered. These fines will be more effective towards stopping corporate fraud, as they punish those involved and encourage companies to “clean up” their companies of fraud.


By costs, I am referring to financial and non-financial costs. The United States’ recovery from the 2008 Financial Crisis has been slow. Since it was first implemented, the cost of complying with Sarbanes-Oxley has been significant.[22] It is my contention that SOX can be identified as one cause of our slow economic recovery. Its effect stems from the added costs it has placed on companies, which have reduced profitability. I have identified four “costs” that have inhibited domestic growth. First, additional costs have steered public companies away from their core business. Second, there has been significant movement of medium and smaller companies out of the US stock markets. Third, foreign firms have stopped listing in the United States. Finally, US companies have become less competitive due to a lower level of talent.

(1) Costs associated have prevented public companies from reporting higher profits

Complying with Sarbanes-Oxley Section 404 is very time consuming. On a quarterly basis, employees are required to meet with their auditors and go over their internal control policies and procedures. Auditors use this opportunity to determine if there are proper controls in place to ensure that only employees who are allowed to perform duties carry them out. The reasoning behind this test is to ensure fraudulent or incorrect transactions can be reasonably prevented from being processed. In addition, auditors look for evidence of oversight or review by superiors to ensure transactions are not being performed unilaterally without review by one or more parties. They use their findings to submit a report regarding the “effectiveness” of the company’s internal controls.[23] Effectiveness, as defined by the SEC with respect to internal controls, is the ability to prevent even one material accounting error from occurring.[24]

Although this thorough practice ensures a periodic review, it forces too much time and resources to be allocated to ensure auditor compliance.[25] Quarterly tests of internal controls divert employee time and attention away from business practices and to administrative tasks. It is inevitable that these tasks will eventually be detrimental to the company’s “bottom line.”

The same level of work exists for employees. Prior to 2002, employees were able to accomplish their required work and tasks within their standard hours. With the introduction of SOX, employees were presented with additional tasks. However, their work hours either stayed the same or increased with overtime. Because employees are required to comply with auditor requests, the work hours that were once taken up by daily assignments and tasks are now sacrificed. If employees cannot focus as much on their work, business will suffer and less revenue will be generated.

In addition, expenses have the potential to increase. Companies might elect to prevent business from suffering. In these situations, the company will pay their employees overtime to sustain production and to comply with auditors. This will result in higher payroll expense. Regardless of which option is chosen, (1) a reduction in revenue or (2) an increase in expenses, either option has the same detrimental effect on a company’s net income.

Moreover, it is questionable whether Sarbanes-Oxley has been effective in the production of more accurate financial statements. One article cites the Financial Crisis of 2008 as evidence of its failure. The study found that 13% of all 3861 US Accelerated Filers (companies with a market capitalization value greater than $75 million) had errors in their financial statements in 2006 and were required to issue restatements.[26] This large group includes some of the largest companies in the United States. Restatements are typically required when a significant or material accounting error has occurred. However, because of the standard established by the SEC definition of “effective,” there is little room for interpretation by the auditors over whether the misstatement is “material” or could be ignored.

Restatements have a detrimental effect on companies. In addition to correcting a prior error in their financials, the stock markets react unfavorably to news of a restatement. One study has found this to be true. However, they do state some circumstances when this was not the case. They found that the market reacted more favorably to misstatements during SOX’s implementation.[27] It was as if the markets were allowing companies a “free pass” during this implementation period.

(2) Medium and Smaller Companies are Looking to Leave

Audits are not exclusive to public companies. They can also be required for private or otherwise non-publicly traded companies. A typical example of a required audit for a non-public company is when a bank will issue a line of credit to a private company. To ensure the company’s financial health, the bank will require a yearly audit be conducted in return. However, there is a major difference in the cost of an audit between private and public companies. The cost of compliance has been estimated to be in the billions of dollars. It has created “an additional layer of bureaucracy” that has increased “the cost of compliance and legal burden."[28] SOX was designed with the “ENRONS” in mind.[29] But for smaller public companies or private companies considering going public, the cost of compliance can be prohibitive. The cost is not uniform amongst companies of all sizes. However, larger companies will be able to absorb the cost better than a smaller company. In some cases, medium and smaller public companies have decided to become private and forego SOX compliance costs altogether.[30]

The increase in compliance has also coincided with a shift to the Alternative Investment Market.[31] The Alternative Investment Market (AIM) is a sub-market of the London Stock Exchange that allows smaller companies to list with fewer regulations. Since its creation in 1995, it has grown to 1500 companies.[32] Because of the burdensome current standards required of a company that wants to list in the US markets, this option seems to be attractive for smaller companies. The AIM grew substantially as a result of the passage of SOX. The London markets provide them with access to one of the busiest stock exchanges in the world. However, this leaves the United States with an incentive to ease requirements. That will especially be true if there is a large enough movement out of the US markets.

(3) Retreat of Foreign Companies

Foreign companies that list on US stock exchanges are able to raise capital from US investors. However, to list on the US exchanges they are subject to SOX standards and testing. The cost of this compliance has caused some companies to leave US stock markets. Those foreign firms that remain in the US markets are presented with a conflict between SOX regulations and the regulations of their home country.[33] For example, European regulations require a member of the workforce to be a representative on the Board of Directors. However, this requirement conflicts with the SOX requirement mandating independence in the Board of Directors.

(4) Lower Level of Talent in Companies

Prior to 2002, it was commonplace for employees of audit firms to work for their clients after they left their firms. It seemed to be a great move for both the company and the employee. They each have become familiar with one another over a period of time. The employee knows the company’s core business and their operations and, as a result, the learning curve is swifter. This bodes well for the company. An additional advantage for the company is that they know this person’s work ethic and competence as an accountant. This was not limited to just accountants either. Corporate attorneys were typically recruited from a company’s outside counsel.[34]

Sarbanes-Oxley has put an end to this practice. Due to independence requirements, companies can no longer look for employees at firms that they know well and with whom they have a relationship. These companies are now required to look outside for talent that is unaffiliated with their professional services companies. As a result, the learning curve increases and the new employees take longer to adjust and learn the intricacies of the company.


The common theme in all four of these points relates to the burdensome costs that Sarbanes-Oxley has placed on public companies. While attempting to combat fraudulent activities, Congress placed financial and non-financial burdens on companies they govern. Congress should consider revising these restrictions in order to reduce these costs and allow companies more room to operate and grow.

Although the focus has been directed toward the corporations, it would be imprudent to not discuss the consumer/investor side of the issue. The investors felt the worst of these financial collapses. In ENRON, many investors were also employees who had pension funds and life savings invested in their company.[35] Should more consideration be given to the investors? Although inefficient, should Sarbanes-Oxley remain in effect? Is the SOX investor protection more important than the burdens imposed on corporations?

The effects of the financial crisis left investors and society incensed with corporations. These frauds were perpetrated by and benefited a handful, leaving financial devastation in their wake. I have no doubt that the investor who lost their pension fund with ENRON would prefer SOX to remain in place just as public companies would prefer SOX be repealed. As such, it should become apparent that SOX should be reduced but not repealed. A 2006 study was conducted to determine the public’s reaction to certain consequences of Sarbanes-Oxley. The study generally concluded that the Act restored public trust and increased the compliance of public companies.[36] I do not dispute that the initial public reaction to SOX was positive and capital influxes from the capital markets benefited public companies. However, I do contend that SOX has overstayed its welcome and the continued costs are outweighing the public benefit.

In 2002, the public demanded reassurance in the markets that accounting frauds could be prevented and those responsible could be punished. The public had just been put through a traumatic series of events. Their reaction and fear was understandable. Investors had lost millions in pension funds, investment accounts, and life savings. Even those who were not directly affected by these accounting frauds looked from the outside with worry that they could be affected next. The public had lost their peace of mind and demanded legislative changes to get it back.

The structure that SOX establishes is appropriate for companies in the abstract. However, the punishment directed to the CEO and CFO should be removed in favor of the proposed “actual offender” punishment. Punishing the CEO and CFO regardless of whether they are the perpetrators does not deter future crimes but provides a shield for the actual offenders. Additionally, SOX 404 testing should be scaled back. The Financial Accounting Standards Board has been resilient in administering inflexible rules to apply to all corporations.[37] In materiality, the auditor should be allowed to pass judgment on their clients to determine if extensive internal control testing is required. Investors might disagree with this assessment. However, the astronomical costs associated with internal control compliance are too great to review and receive the “rubber stamp” of approval on an annual basis. A 2007 revision relaxed and directed company focus to more risky areas.[38] More scale backs need to be done to reduce the cost and free more capital within corporations. This reduction will attract more mid- and micro-cap companies to go public and attract more money to the U.S. stock markets.


When looking back upon the first ten years of the Sarbanes-Oxley Act, one can only conclude that it has placed an undue burden on our public companies and stifled our economic growth. The Act’s costs have greatly outweighed its benefits, and thus it needs to be reformed. Its effects have been perhaps more pronounced because of the current financial crisis and the slow economic recovery. It is my opinion that lawmakers felt the pressure to punish corporate Americans when they should have focused their attention on trying to reduce information asymmetry. Sarbanes-Oxley was written and passed within one month in 2002. With the empirical evidence we have now from its first decade of existence, it is time to go back and reform Sarbanes-Oxley and ease some of the burdens it has placed on companies which fall under its punitive purview.

Clayton Brite graduated from Northeastern University in 2013 with a Bachelor of Science in Accounting, as well as a minor in Law, Policy, & Society.

