Let me take you back to the era of Y2K, my sweet summer children. Destiny’s Child and Christina Aguilera ruled the airwaves. Jennifer Aniston and Brad Pitt were married. And auditors had relationships that were just a little too cozy with their clients—and Republicans and Democrats were able to agree, almost unanimously, on a massive piece of legislation. Truly, it was another time.
Prior to 2002, it wasn’t unusual for auditing firms to have lucrative consulting contracts with the selfsame clients they audited. This was the case with Big Five firm Arthur Andersen and Enron, the seventh-largest company trading on the US stock market. Then, in 2001, Enron went bankrupt amid an SEC investigation for fraud.
Enron’s executives had been cooking the books, courts found, and multiple Senate and House committees found that Arthur Andersen’s accounting practices facilitated their fraudulent activity. Arthur Andersen admitted to shredding Enron documents, was convicted of obstruction of justice, and was forced to stop auditing public companies.
Investors’ confidence in capital markets was shaken. In response, Senator Paul Sarbanes, a Democrat from Maryland, and Representative Michael Oxley, a Republican from Ohio, proposed a bill that would regulate the auditing profession through the creation of the Public Company Accounting Oversight Board (PCAOB), render auditing firms more independent, require more robust reporting over internal controls, and hold top management responsible for the content of financial statements.
The Sarbanes-Oxley Act, or SOX, as it was abbreviated, enjoyed broad bipartisan support. It passed almost unanimously in the House and Senate and was signed into law by President George W. Bush in July 2002.
The introduction of SOX signaled an evolution in how finance and accounting professionals fit within their organizations and the work they were expected to do.
SOX: The early years: SOX “created a lot of new challenges for the accounting profession in terms of resources,” Vin Nguyen, a partner at accounting firm UHY with 30 years’ audit experience, told CFO Brew. Nguyen was promoted to assurance manager around the time SOX became law. He remembers that firms needed to design and implement new audit approaches, all while absorbing an influx of new clients that had once belonged to Arthur Andersen.
On the client side, SOX brought challenges as well. The “cost of auditing skyrocketed,” former SEC Chair Mary Jo White said during a panel session at St. Joseph’s University. So did the cost of going public. In fact, SOX may have contributed to the private equity boom, Nguyen, who’s worked on many IPOs and SPACs, surmises.
Companies, he said, are “always contemplating, does it make sense for us to be a public company, or does it make sense to stay private and take on the capital from private equity” and not have to deal with SEC requirements?
Binders full of…documentation: Julie Bell Lindsay, now CEO of the Center for Audit Quality (CAQ), joined the SEC as counsel to Commissioner Cynthia Glassman, in the office of rulemaking, just a few months after SOX became law, and helped to implement it. She describes the atmosphere at the SEC as “exhilarating…We really felt like we had a lot of work to do to instill trust back in the capital markets,” she told us.
News built for finance pros
CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.
The SEC was responsive to concerns that SOX would be too burdensome for companies to comply with, Lindsay said. She recalled an incident when she and Glassman visited a company to discuss corporate reporting. The company’s CFO had staff roll in a dolly cart stacked with some ten or twelve binders, which contained “the number of sub-certifications that had to be prepared to comply with AS2 [Auditing Standard 2] and the CEO-CFO certifications,” Lindsay remembered.
She and Glassman realized they had a problem. “If this is what we’ve created, we’ve gone way too far overboard,” she thought at the time. “That really impressed upon me the need in any policymaking exercise for engagement with impacted stakeholders to understand the practical implications.”
Later, she worked with Commissioner Glassman on the implications of those initial rules, working to “get the same objectives of having robust internal controls over financial reporting” while making the rules less burdensome.
Put a SOX in it: Twenty-plus years on, has SOX been worth all the Sturm und Drang? Definitely, Lindsay said, pointing out that we haven’t had an Enron- or WorldCom-scale scandal since SOX was implemented. Restatements, she said, are at “historically low levels.” CAQ research shows that restatements peaked at 1,784 in 2006, right after many companies implemented SOX Section 404 internal control reporting, and declined almost every year since. (2021 was an outlier featuring an unusual number of SPAC-related restatements, while 2010 and 2022 showed small increases from the prior years.) In 2022 there were only 402 restatements, a drop of 77% from 2006 levels.
SOX has benefited companies as well, Lindsay said. It gives management “an additional level of confidence in their control framework,” and gives audit committees and boards confidence in what management reports to them. Nguyen believes that audit committees “take their fiduciary role and responsibility a lot more seriously” post-SOX.
And SOX has highlighted the importance of internal controls, Lindsay Rosenfeld, a partner at Deloitte with nearly 25 years’ audit experience, told CFO Brew. The regulatory oversight and guidance SOX brought with it, she said, has given organizations greater “consistency in how they identify and determine risks.”
SOX under siege? With a new presidential administration in power, shifts to SEC and PCAOB regulation are likely on the horizon. After all, Trump’s first SEC chair, Jay Clayton, replaced the entire PCAOB board, as Rosenfeld noted, and Biden’s SEC chair, Gary Gensler, replaced all but one board member. The new SEC chair, Paul Atkins, seems poised to take the agency in a more business-friendly direction. The fate of the board itself may even be in question: Atkins has been critical of it, the Wall Street Journal reported, and a core Project 2025 document recommends eliminating it and folding its functions into the SEC.
Lindsay said she would urge caution before making any changes to the PCAOB. “Those decisions should not be made in haste,” she said. “I think cost-benefit analysis always has to be considered in any discussions.” Having a strong “inspection regime over audit,” she said, reinforces the “quintessential role…that auditors play in the capital markets.”
“I think it’s without question,” she added, “that strong regulation has improved audit quality over the years.”
This is one of the stories of our Quarter Century Project, which highlights the various ways industry has changed over the last 25 years. Check back each month for new pieces in this series and explore our timeline featuring the ongoing series.
