by CIO Staff

What the Sarbanes-Oxley Act Means for Board Members

Jan 15, 2003 | 3 mins
IT Governance

The Sarbanes-Oxley Act took a quick trip through the legislative process. It was passed by Congress on Jan. 23, 2002, and signed into law six months later on July 30 by President Bush. Named for Sen. Paul Sarbanes (D-Md.) and Rep. Michael Oxley (R-Ohio), the act is intended to protect investors by improving the accuracy and reliability of corporate financial statements and by establishing stiffer penalties for auditors, corporate officers, company directors and others who violate the act.

Here are some of the elements of Sarbanes-Oxley with which directors should be familiar.

  • Companies must establish an audit committee composed of independent board members. At least one member of the audit committee must be a financial expert, defined by Sarbanes-Oxley as someone who understands generally accepted accounting principles and financial statements. These audit committees are responsible for appointing, compensating and overseeing the work of public accounting firms.
  • Accounting firms cannot provide the following services to companies whose books they audit: bookkeeping; financial information system design or implementation; appraisal or valuation; actuarial services; internal audit outsourcing; management or HR; investment banking; or services unrelated to the audit such as legal counsel.
  • Board members cannot discriminate against employees who bring accounting improprieties to the board’s attention.
  • During pension fund blackout periods, directors cannot sell, acquire or transfer any stock in the company that they acquired in connection with their service. If they violate this rule, directors have to refund to the company profits made through such a transaction. This rule also applies to executive officers and the issuer of the stock.
  • Anyone, including a board member, who alters, destroys or conceals a record or document with the intent to impair the document’s integrity or availability for use in an official proceeding, faces fines and/or up to 20 years in jail.
  • The Securities and Exchange Commission may issue an order preventing an officer or director of a company from serving if that person’s “conduct demonstrates an unfitness to serve,” or if that person has violated any government regulation.
  • Since Aug. 30, 2002, the SEC has required CEOs and CFOs to sign their annual and quarterly reports, attesting to the veracity of those statements. If an audit or investigation later reveals that the officers misled investors by saying everything was kosher when it wasn’t, they’ll be fined and/or imprisoned up to 25 years.
  • Companies will be expected to adopt a “code of ethics” that outlines standards for regulatory compliance and handling conflicts of interest. If they haven’t adopted such a code, they’ll have to explain why.
  • CEOs and CFOs are required to inform their directors of significant internal control deficiencies that could adversely affect their ability to report financial data.
  • All quarterly and annual reports must now disclose “all material off-balance sheet transactions, arrangements, obligations and other relationships” that may affect a company’s operations or financial condition.