The Changes Enacted and the Effects They Have On Corporate America Introduction The enactment of the Sarbanes–Oxley Act of 2002 (SOX) brings forth the requirement that corporations are to certify the effectiveness of their internal controls. “The expertise and commitment of IT professional auditors for both internal and external audit functions” are needed to help them manage or mitigate business risks against corporate fraud, inefficiencies, ineffectiveness, as well domestic and international cyber – crimes and terrorism (Gallegos, 2003, p. 1).
To realize the purpose of this Act, a series of steps were designed by the Legislature to guarantee that publicly traded corporations established and substantiated sufficient financial controls and authenticated their accuracy. On the other hand, to enforce its goals, personal liability and the possibility of criminal penalties for corporate financial officers await those who do not comply. Thus, in no time, corporate America criticized this Act and tagged it as overboard and ambiguous, for it merely sets the highest level and most general of requirements. Some believed that detailed regulations would fill in the gaps left by the Congress.
However, they were disappointed. The Securities and Exchange Commission (SEC) adopted regulations which contain the same kind of ambiguous requirements of an hazy but onerous “compliance process rather than substantive guidance on what exactly was to be done” (Montana, 2007, n. p. ) Hence, this paper focuses on the changes that were enacted by the Sarbanes–Oxley Act of 2002 and the effects they have had on corporate America, using as basis the work of J. C. Montana, a part-owner of a records and information management (RIM) consulting firm. Changes Enacted Since March 2004, the SEC has not promulgated any substantive new SOX rules.
Up to that time, the rules promulgated were the source of massive corporate criticism about ambiguity. Subsequent rulemaking comprised of rather minor adjusting with a few existing rules. Fresh amendments have not done much to lessen the ambiguity complaint. The SEC has adopted the definition of “significant deficiency” of a financial control as a deficiency, or a combination of deficiency, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of a registrant’s financial reporting (Montana, 2007, n. p. ).
However, this definition did not explain how to determine when something is vital enough to “merit attention by those responsible” (Montana, 2007, n. p. ). In defense, the SEC reasons that the definition properly accentuated the requirements of communication among management, the audit committee, and independent auditors regarding matters which are vital enough to merit attention and permit management to use its judgment to figure out the deficiencies that need to be recounted to the audit committee and the independent auditor (Montana, 2007, n. p. ).