The Sarbanes-Oxley Act, usually abbreviated SOX, is an American law named after its proposers, Paul Sarbanes and Michael G. Oxley, which sets out the duties and responsibilities of business managers, corporate lawyers, accountants and auditors. SOX is a reaction to the fall of Enron and WorldCom, and although it is an American law, its influence extends beyond the U.S. In addition to U.S. corporations, it governs all companies that trade on U.S. capital markets as well as all companies whose shares are held by more than 300 U.S. residents. The Sarbanes-Oxley Act came into force in 2002 to reduce the risks and causes of financial problems, financial fraud and economic crime in business, and to increase investor confidence in the published results of companies traded on the U.S. stock market. SOX was prepared by the American non-profit organization PCAOB (Public Company Accounting Oversight Board), and public perception of it is very controversial (its benefits vs. the costs it induces in enterprises).
The Sarbanes-Oxley Act de facto introduces control mechanisms into companies that are an extension of quality management systems, in particular ISO 9001. They are aimed at the transparency and accuracy of accounting and financial reporting. SOX tightens control processes, places on managers the responsibility to create, maintain and evaluate the internal control system, and makes them directly responsible for the accuracy of financial statements.
Use of SOX in practice: SOX tightens internal control processes in firms. On the one hand this increases the cost of control processes; on the other hand it brings de-duplication, optimization, or even reengineering, which in practice also improves the functioning of the entire enterprise information system. The increased cost of internal control is felt most by enterprises with revenues up to 100 mil USD. Another practical effect is an increase in the personal responsibility of managers at all levels of management. A further positive side effect of SOX is that, by its nature, it helps to achieve compliance with ISO standards, in particular:
- ISO 9001 - Quality management systems - Quality management system
- ISO 10005 - Quality management systems - Guidelines for quality plans
- ISO 10006 - Quality management systems - Guidelines for quality management in projects
- ISO 10011 - Guidelines for auditing quality systems
- ISO 10013 - Guidelines for quality management system documentation
- ISO 14000 - Environmental management - Environmental management systems
- ISO 17799 - Information Security Management System
- ISO 20000 - IT Service Management System
- ISO 22000 - Food safety management systems - Requirements for any organization in the food chain
- ISO 27000 - Information security management systems
- ISO 31000 - Risk management - Principles and Guidelines
- OHSAS 18001 - Occupational Health and Safety management systems