12 Years After SOX, The SEC Has Not Become Complacent About Compliance

Author:Mr Chase Cole, E. Marlee Mitchell, James H. Nixon III, Wes Scott, Andy E. Garrett and Jacob Weinstein
Profession:Waller Lansden Dortch & Davis

With the twelfth anniversary of the implementation of the Sarbanes Oxley Act of 2002 ("SOX") swiftly approaching, it may or may not be coincidental that the SEC has been involved in several SOX-related enforcement actions recently, including (i) bringing charges against the CEO and former CFO of a Florida-based computer equipment company for misrepresenting the state of its internal controls over financial reporting and (ii) awarding more than $400,000 to a whistleblower who reported fraudulent activity to the SEC after the whistleblower's company repeatedly failed to address the issue internally. This Bulletin, however, should serve as a clear reminder that, even with the passage of time and additional mandates to implement other regulatory frameworks such as the Dodd-Frank Act and the JOBS Act, the SEC continues to actively and aggressively monitor reporting companies' compliance with the disclosure, internal control and certification practices and procedures mandated by SOX.

What Are the Certifications Related to Disclosure Controls and Procedures Required by Section 302 and Section 906 of SOX?

Section 302 and Section 906 of SOX generally require CEOs and CFOs of reporting companies to certify to the truth, accuracy and completeness of their company's disclosures in 10-Qs and 10-Ks and to their responsibilities and duties as officers related to ensuring such truth, accuracy and completeness.

What Is the Management Report Related to Internal Control over Financial Reporting Required by Section 404 of SOX?

Section 404 of SOX generally requires reporting companies to include in their 10-Ks a report of management that reiterates that management is ultimately responsible for establishing and maintaining adequate internal control over financial reporting, assesses the effectiveness of the company's internal control over financial reporting and identifies the framework used by management for that assessment and cites the attestation report issued by the company's registered public accounting firm related to its audit of internal control over financial reporting.

If CEOs and/or CFOs Fail to Fulfill Their Responsibilities under Section 302, Section 906 and Section 404 of SOX, Are There Ramifications?

Yes, and two recent enforcement actions illustrate certain potential consequences.

Enforcement Action Against CEO and Former CFO

In a recently instituted enforcement action, the SEC alleges that the CEO, Marc Sherman, and former CFO, Edward L. Cummings, of Quality...

To continue reading