As a response to the accounting misdeed-related failures of such then-major corporations as Enron and WorldCom, the Sarbanes-Oxley Act (SOx) was passed in 2002 with its Securities and Exchange Commission (SEC)-defined administrative rules ready early in 2003. A major component of SOx was the Public Company Accounting Oversight Board (PCAOB), an independent entity to set auditing standards and to govern and regulate the public accounting industry. These were major changes that have impacted corporate governance, financial accounting, and auditing processes, first in the United States and now worldwide. SOx is a wide-ranging set of new requirements that has redefined how we both govern public enterprises and attest that their reported financial results are fairly stated.

Most of the attention on SOx requirements since its enactment has been on the internal control attestation rules, which are part of Section 404 of the Act and will be discussed in Chapter 6, as well as what are called the Section 302 rules, discussed in Chapter 7, making management responsible for its reported financial statements. Both of these areas attracted a major degree of effort and concerns as major corporations began to establish compliance with SOx in its first years starting after 2002. Other portions of the legislation just have not received that much attention or have not caused major compliance concerns. An example is a SOx requirement that audit ...