Sarbanes-Oxley and Enterprise Risk Management Concerns
Since becoming a U.S. law in 2002, the Sarbanes-Oxley Act (SOx) has had a major impact on corporations whose securities are registered with the U.S. Securities and Exchange Commission (SEC). SOx has changed the financial reporting and public accounting regulatory landscape from one of self-regulation by external audit firms to quasi-governmental rules and has become a worldwide standard. SOx now requires senior business executives to assume personal responsibility for the documentation, review, and testing of their enterprise's internal controls. Although the act requires enterprises to follow the Committee of Sponsoring Organizations (COSO) internal control rules as discussed in Chapter 8, COSO enterprise risk management (ERM) was released after SOx and was not specifically mentioned in that legislation.
Nevertheless, both SOx and COSO ERM have some important dependencies on each other, and today's enterprise manager should have a general understanding of both. This chapter provides general background on SOx and describes some of its enterprise risk-related attributes. For a more detailed explanation of SOx, including a description of all aspects of this important legislation, the reader is encouraged to consult the Web or to review our more specific book on the subject.1
Sarbanes-Oxley Act Background
The five or so years starting in mid-1990 were an investment boom time for the United States and elsewhere worldwide. ...