The same is true in the area of records and documentation. Corporations have no choice but to create exhaustive sets of documentation which, in a number of cases, are clearly far in excess of what the SEC actually expects to see, for the SEC merely set forth the most ambiguous of guidance as to what records it expects to see. The probability of facing regulatory actions and lawsuits, both highly intrusive and costly public relations fiascos, or worse, a criminal prosecution, is the alternative. Hence, the choice to make is easy yet an expensive one.
Moreover, to believe that the SEC is viewing its approach to Section 404 compliance as a license to ignore or give a short shrift to the implementation and documentation of financial controls could be a misconception: No large volume of formal enforcement is apparent, but it has been done. A case against Robert Guccione and Penthouse magazine in 2005 and a case involving Cedric Kushner Promotions in 2004 are two of those enforcement actions by the SEC for failures in this area (Montana, 2007, p. 2). Effects on Corporate America The compliance regimes commonly impose recordkeeping requirements which are usually quite detailed and stringent.
It became a frustrating situation to a number of corporate compliance personnel, specifically those who are charged with documenting and recording compliance processes. Many find the requirements to be disgusting and burdensome. However, these requirements provide a safety measure. They set a compliance framework—describing the kinds of records that should be kept, the kinds of processes about which records should be kept, and therefore, about what processes should occur. This brought about records that document whatever it is that the regulators in question have determined as important and should be recorded.
As the Act itself does not contain any recordkeeping requirements or any record retention periods, save in cases wherein accountants maintain audit work papers, SOX and its regulations are considerably devoid of this sort of detailed recordkeeping requirements, whereas implementing regulations is a little better. In consequence, many corporations have disbursed considerable amounts of time, money, and other resources devising SOX compliance manuals, processes for documenting financial controls, and other different activities with the small assurance that what they are doing would suffice.
They settled eventually into whatever pattern of compliance and documentation they saw best, most likely an exhaustive and intrusive self-audit process with equally exhaustive documentation. These corporations are hoping and putting their faith into believing that subsequent amendments to this Act, its regulations, or jurisprudence would give light on the matter before they would end up in court (Montana, 2007, n. p. ) Conclusion Six years have passed since the SOX was enacted. Its implementation was delayed two years; therefore, it has been in full force and effect for only four years.
The tendency is that, legislations have to be around for a long period of time before their loopholes are remedied. At the least, they are remedied by amending the legislation itself. Six years is not a long time at all in the legislation business. It is not enough that businesses see the law as too harsh and thus, it must be changed. Its effects must permeate to the point where a majority of the community affected and the public in general actively secure its revision or change. Only then will it be changed.
A number of huge events have stolen the attention of the Congress, corporations, and the public—the war in Iraq, a divisive and bitterly contested presidential election, global warming, issues in trade, SEC attention to other issues like backdating of stock options, and a highly partisan atmosphere and series of scandals in the Congress itself, among others. These events put SOX in ad interim oblivion. As a result, the Act itself remains un-amended. Hence, the criticisms hurled at its provisions six years ago remain valid today.
That apparently explains why we are still in the mess that we are in right now despite the noble purpose of the Act to put an end to corporate problems. The SOX is a young law. So far, the SEC declines to give much in the way of hard rules of compliance, yet it goes on in conducting dialogues with business leaders, the accounting industry, and other interested parties. Business, for its part, has effectively absorbed or passed along the cost of SOX as an expense of doing business. Despite the fact that many are complaining about the cost of SOX, nobody is as yet unable to meet it.
At some point, Congress may revisit and reconsider the law, and SEC meetings and conversations with business may yet result in more concrete guidance and rules. In addition, court cases that are largely confined to various accounting fraud and similar matters may yet produce substantive guidance from the courts. In other words, corporate America must wait for this young law to mature. Only then will it be known whether or not SOX is in fact the cure for all fighting corporate corruption. References Gallegos, F. (2003, December). Sarbanes – Oxley act of 2002 and Impact on the IT Auditor. Retrieved October 10, 2008 from
http://www. itknowledgebase. net/dynamic_data/2928_1724_76-10-01. pdf Montana, J. (2007, November/December). The Sarbanes-Oxley Act: Five Years Later. Information Management Journal, 41 (6). Retrieved October 10, 2008 from Find Articles Database: http://findarticles. com/p/articles/mi_qa3937/is_200711/ai_n21137912/print? tag=artBody;col1 U. S. Securities and Exchange Commission. (2008, August 28). Final Rule: Management’s Reports on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports. Retrieved October 10, 2008 from www. sec. gov/rules/final/33-8238. htm.