Almost every provision of the Sarbanes-Oxley Act impacts either publicly-held companies or their auditors. Only the following two provisions impact private companies:
- Section 1102. Creates criminal penalties for altering or destroying documents in an attempt to impede or influence a federal investigation or bankruptcy proceeding.
- Section 1107. Punishes retaliation toward any person who provides to a law enforcement officer any information related to the commission or possible commission of any federal offense.
Strangely enough, if you harm a document under Section 1102, you can go to jail for 20 years, but you only go to jail for 10 years if you harm a person under Section 1107 (!).
Though the remainder of this lengthy Act can be ignored by private firms, there are three compelling reasons to at least consider adopting some of its provisions. First, state governments may require private firms incorporated within its boundaries to comply with the Act. Second, any firm thinking about going public will eventually need to comply, so it does not hurt to start early. Third, some provisions are just good business practice, such as having an audit committee and documenting internal controls. The following summary describes those sections of the Act having some impact on company operations. Other sections not included here describe the creation of a public oversight board (the PCAOB), rules for auditors and outside legal counsel, and authorizations to conduct a number of studies. The relevant issues are as follows:
- Section 203. The lead audit partner must rotate off the audit every five years.
- Section 204. The auditors must report to the audit committee all critical accounting policies and practices to be used, the ramifications of using alternative accounting treatments by management, and the auditors’ preferred accounting treatment.
- Section 206. The CEO and CFO cannot have been employed by the auditors during the one year preceding the audit.
- Section 301. The audit committee is entirely comprised of independent directors who are responsible for appointing and overseeing the auditors. It shall also handle any employee complaints regarding the accounting, internal controls, and auditing functions.
- Section 302. The CEO and CFO shall certify the financial statements.
- Section 303. Company officers shall not influence the outcome of an audit.
- Section 402(a). Prohibits company loans to executives.
- Section 404. Requires the issuance of an annual report, stating the responsibility of management to create and maintain a system of internal controls, and assessing the effectiveness of those controls.