Sarbanes-Oxley Compliance


"There is an essential difference between
that which you have a right to do and that which is right to do."

(Potter Stewart, Supreme Court Justice)

By now, we're all aware of the Sarbanes-Oxley Act of 2002. As a response to the legal/ethical failures at the turn of the Millennium, the federal government passed a total legal/ethical overhaul of certain rules applicable to public companies in the area of financial reporting. In addition to establishing a new government oversight agency (Public Company Accounting Oversight Board) and a ten-year statutory penalty for financial fraud (federal crime under the interstate clause applicable to mail/wire transactions), Sarbanes-Oxley requires the following:

  1. Top leadership (CEO, CFO) must personally certify company financial statements as true and without misleading or omitted information.
  2. Audit committees of the board of directors must be totally independent and have no material interests in the company.
  3. Companies can no longer loan money to their officers or directors.
  4. Financial officers must comply with a company "code of ethics" and that code must be filed with the Securities and Exchange Commission (SEC).
  5. Accounting firms can no longer provide both auditing and consulting services to the same company without specific approval of the company's audit committee.
  6. Senior auditors of a company must be rotated every five years and other auditors must be rotated every seven years.
  7. Attorneys must report wrongdoing to top leadership and/or the board of directors, and withdraw as counsel if no action is taken by the company as a result.
  8. Employee "whistle-blowers" are fully protected in connection with reporting wrongdoing to authorities.
  9. Financial analysts must support their recommendations with objective data/reports.

The intended benefits of Sarbanes-Oxley are fairly obvious: (i) expanded accountability of company leadership; (ii) greater disclosure of financial matters; (iii) clearer descriptions of internal practices; (iv) more useful information from accounting, legal, and financial professionals; (v) increased penalties for corporate wrongdoing; and (vi) wider protection for whistle-blowing employees and outside stakeholders.[1]

As part of Sarbanes-Oxley, the SEC was directed to issue rules regarding corporate ethics statements, including the requirement that public companies must report whether they have adopted such ethics statements (Section 406). The SEC delivered its rules in January 2003, which define a "code of ethics" as written standards that are reasonably designed to deter wrongdoing and to promote:

  • Honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest between personal and professional relationships.
  • Full, fair, accurate, timely and understandable disclosure in reports and documents that a company files with or submits to the SEC and in other public communications made by the company.
  • Compliance with applicable governmental laws, rules and regulations.
  • The prompt internal reporting of any violations of the code of ethics to an appropriate person or persons identified in the code of ethics.
  • Accountability for adherence to the code of ethics.[2]

Although Sarbanes-Oxley and the related SEC rules do not mandate the adoption of ethics statements or ethics training at public companies, they do require full public disclosure as to whether such codes have been adopted that satisfy the above requirements.

In addition, the NYSE and NASDAQ upped the ante on Sarbanes-Oxley by actually requiring a "code of business conduct and ethics" covering all employees, officers, and directors. As such, each listed company must make its code available to the public and certify compliance with this requirement on an annual basis. The NYSE also requires "compliance standards and procedures that will facilitate effective operation of the code," which has been generally construed to mean company-wide ethics training and education.[3]

Since these broader stock exchange rules were implemented, Section 301 of Sarbanes-Oxley, which requires audit committees to establish procedures for confidential reporting of complaints about audit and financial matters, has been more broadly applied. Generally, most companies now consider "procedures" to mean training and education regarding the identification, reporting, and protocol related to unethical behavior.


[1] See Chapter 4, Ferrell, Fraedrich, and Ferrell, Business Ethics: Ethical Decision Making and Cases, Seventh Edition, Houghton Mifflin Company, 2008, for summary coverage of and articles related to Sarbanes-Oxley.
[2] Securities and Exchange Commission, 17 CFR Parts 228, 229 and 249, "Disclosure Required by Sections 406 and 407 of the Sarbanes-Oxley Act of 2002," issued January 24, 2003.
[3] Final NYSE Corporate Governance Rules, Section 10.


"To see what is right
and not to do it
is want of courage."
– Confucius