Why was sox implemented

Consider the case of a large clothing manufacturer that operates retail outlets nationwide under several well-known brand names. We started with accounts receivable and learned that each division of the company imposed different due and dunning dates, late fees, and interest rates on customers. If the divisions had been independent companies, these inconsistencies would have been innocuous, but each of these units fed its financial data into consolidated financial statements, and these nonstandardized processes made a mess of the aged-receivable and bad-debt accounts.

An analogous situation existed at Sunoco. This consistency, Hofmann says, reduces the chances for error in data entry and consolidation. Having to rebill customers to correct invoicing mistakes can have a cascading effect on operations: Every invoicing discrepancy, whether caught internally or flagged by a customer, must be investigated and reconciled, and the invoice must then be canceled, redone, and redelivered.

As a consequence, the cash flow cycle is interrupted, and customer relations may become strained. At Sunoco, creating a single, standardized form for every type of product reduced these problems to a minimum.

The potential benefits of standardization also caught the attention of executives at Kimberly-Clark, the consumer products manufacturer. The process for reviewing the entries was also fragmented, with some reviews conducted by people not senior enough. Data are now more consistent and reliable, and fewer employees and man-hours are required to accomplish the same task, he says. To guard against these types of errors, Manpower standardized its change-management process for software development.

Any code alterations are now subjected to a series of reviews, tests, analyses, and approvals before going live. A regression test is introduced near the end of the development process to validate the new code.

During the test, technicians operate two machines concurrently, one running the old code and the other the new. The same data are put into each, and the output is compared in order to identify coding errors.

Besides averting financial losses, standardizing the software coding processes also helps streamline the development cycle. For a company that develops global software applications for its business units, development and support costs can be cut substantially. Further benefits accrue when internal and external auditors come knocking, since standardized processes can be evaluated more quickly and thus more cheaply.

Some tasks are inherently complex—designing computer chips, tracking weather patterns, mapping the human genome. Others are needlessly so. Over a ten-year period, the company had acquired more than competitors and complementary businesses. It acquired another 50 companies indirectly when it purchased its largest competitor, Pierce Leahy, which had just completed an acquisition spree of its own.

Simplification was always the game plan at Iron Mountain, says John F. Kenny, Jr. Each acquired company came with its own organizational chart; Iron Mountain integrated and streamlined the reporting structure. Each acquisition brought its own accounting practices; Iron Mountain centralized all accounting activities.

Many of the companies calculated taxes by hand or on spreadsheets; Iron Mountain automated tax estimation and payments. Nonetheless, he and other executives believe that the company has made significant gains in efficiency.

These can include hosting IT applications, managing IT infrastructure, providing services in accounts receivable or accounts payable, processing payroll, managing benefits, and maintaining warehouse inventories. In such cases, the primary company must obtain evidence of effective internal control at the partner company, ideally in the form of an SAS 70 Type II report that the partner provides.

If, however, the service provider is unwilling or unable to do so, the primary company must conduct its own audit. Yet in our experience, most controls are still manual. Because automated controls are more reliable, only a single sample of an activity may need to be tested. A manual control of the same activity could require dozens of tests. Also, according to recent PCAOB guidance, some automated controls can be tested every three years instead of every year, as long as the company can demonstrate that the control has not been changed.

For example, many firms now require passwords of at least eight characters consisting of numbers, symbols, and both lowercase and uppercase letters. Users must change passwords at least every three months and are locked out after several consecutive incorrect entries. Still, some situations call for human judgment.

Manpower strives to find a balance between automated and manual controls. The Sarbanes-Oxley Act has encouraged companies to make their financial reporting more efficient, centralized, and automated. Even so, some critics feel all these controls make the act expensive to comply with, distracting personnel from the core business and discouraging growth.

Finally, the Sarbanes-Oxley Act established the Public Company Accounting Oversight Board, which promulgates standards for public accountants, limits their conflicts of interest, and requires lead audit partner rotation every five years for the same public company. Fiscal Policy. Career Advice. Company Profiles.

Financial Statements. Actively scan device characteristics for identification. Use precise geolocation data. Select personalised content. Create a personalised content profile. Measure ad performance. Select basic ads.

Create a personalised ads profile. Select personalised ads. Apply market research to generate audience insights. Measure content performance. The Sarbanes-Oxley Act of was passed due to the accounting scandals at Enron, WorldCom, Global Crossing, Tyco and Arthur Andersen, that resulted in billions of dollars in corporate and investor losses. These huge losses negatively impacted the financial markets and general investor trust.

The Sarbanes-Oxley Act mandates a wide-sweeping accounting framework for all public companies doing business in the US. What companies need to comply with Sarbanes-Oxley? All publicly-traded companies in the United States, including all wholly-owned subsidiaries, and all publicly-traded non-US companies doing in business in the US are effected. In addition, private companies that are preparing for their initial public offering IPO also need to comply with certain provisions of Sarbanes-Oxley.

When did Sarbanes-Oxley compliance take effect? All parts of the Sarbanes-Oxley Act with the exception of Section are effective now. The act also added new criminal penalties for violating securities laws. Article Sources. Investopedia requires writers to use primary sources to support their work. These include white papers, government data, original reporting, and interviews with industry experts.

We also reference original research from other reputable publishers where appropriate. You can learn more about the standards we follow in producing accurate, unbiased content in our editorial policy. Compare Accounts. The offers that appear in this table are from partnerships from which Investopedia receives compensation. This compensation may impact how and where listings appear. Investopedia does not include all offers available in the marketplace.

Internal controls are processes and records that ensure the integrity of financial and accounting information and prevent fraud. Detective Control A detective control is an accounting term that refers to a type of internal control intended to find problems within a company's processes.

Accounting Control Accounting controls are a set of procedures that are implemented by a firm to help ensure the validity and accuracy of its own financial statements. Audit Trail An audit trail tracks accounting data to its source for verification. Learn how companies use auditing to reconcile accounts and detect fraud.

Partner Links. Related Articles.