“I think that the spread (of SOX-type laws) worldwide continues in places far off, and it will continue that march forward. That’s all to the benefit, frankly, of the investing public, the people that invest in companies and create jobs and make a better life for everybody else. That is really what it is all about.” (1)
~Rep. Michael G. Oxley at a SOX 10-year anniversary forum
“We established the PCAOB, the Public Company Accounting Oversight Board, to oversee auditors and so that the monitoring of the conduct of auditors shifted from self review, peer review which had been the case up to this point, to an outside independent objective body to do that job. I think the consequence of that has been significantly enhanced auditing standards and auditing practices. And the profession generally agrees with that. I mean, they perceive it the same way.” (2)
~Sen. Paul S. Sarbanes at a SOX 10-year anniversary program
Having survived the existential threat of a Supreme Court challenge and several attempts, some successful, to scale back internal control provisions of the Sarbanes-Oxley Act, the legislation has fundamentally changed public company disclosures, auditor oversight, and corporate governance over the last nearly two decades. Initially wary of the new regulator, the auditing profession has come to accept and collaborate with the PCAOB to the benefit of audit quality. Despite a vocal group of critics still concerned about the cost and burdens of SOX compliance, a growing body of evidence points to the benefits and efficacy of SOX.
One area where the implementation of SOX has faced severe challenges is international inspections of registered audit firms in China and Hong Kong. Since 2007, Chinese authorities have impeded PCAOB from conducting inspections of PCAOB-registered audit firms by invoking concerns that audit papers contain state secrets. However, the PCAOB has conducted inspections of registered firms in more than 50 non-U.S. jurisdictions, building constructive relationships with its international counterparts. Many of these jurisdictions have enacted their own SOX-type laws, using the Act as a model to create their own mechanism for enhancing investor protection and strengthening corporate governance.
In the aftermath of the Sarbanes-Oxley Act, the audit profession wondered what to expect from its new regulator.
“It was a traumatic time, watching one of the Big Five firms disappear as we were trying to scrub every process that could possibly touch audit quality,” said James S. Turley, former Chairman and CEO of Ernst & Young. “I’d like to say that we tried to embrace the PCAOB and the overall vision from Day 1, but you never get everybody at the start.”
“There was a lot of hand-holding and counseling to the audit partners,” Turley continued. “The first inspection reports were pretty ugly at all the firms, so we digested it and learned from it I wouldn’t say that inspections ever became routine, and our partners were always on edge when their audits were picked, but they actually understood that this was a helpful process to make us all better.”
“It didn’t take a long time for us to figure out that the PCAOB was a part of our world and we needed to address them in a positive way,” said Sam Ranzilla, KMPG’s former National Managing Partner for Audit Quality and Professional Practice. “Over time, we basically embraced when they said, ‘We think you need to do something in order to improve the quality of your audit work.’”
Early on, the firms were interested in sharing their resources and insights with the PCAOB. While the Board wanted the firms’ input, it took a very cautious approach to accepting their assistance. In 2007, the profession launched a policy and advocacy group known as the Center for Audit Quality (CAQ) that engages key stakeholders in public company auditing and financial reporting, including academics, audit committees, preparers, internal auditors, investors and others.
“With a great deal of foresight and self-reflection, the profession realized that they needed an organization that would not just focus on the needs of public company auditors but also needed to further contribute to and enhance audit quality,” said Cindy Fornelli, CAQ’s first Executive Director. “CAQ was a place where we could convene and collaborate all of the different players and points of view to work through the important auditing issues of the day.” While the AICPA represents the entire accounting profession, the CAQ focuses exclusively on public company auditors.
“It was great to have a convener,” said Robert J. Kueppers, former Vice Chairman and Deputy CEO of Deloitte, who was instrumental in founding the CAQ. “The PCAOB, not wanting to show favorites, had to call everybody, but we urged them, call the CAQ, they can pull us together.”
“It was like talking to the profession as a whole, without each individual firm, and I think that was helpful,” said Sam Ranzilla.
“It was an environment where there was a concern that if anyone raised their head above ground level, it might get shot off,” said Jim Turley, who served as the CAQ’s first Governing Board Chair. “So you wanted someone to be able to speak more for the profession, and not speak for a particular firm. The profession realized that given the amount of change that was coming, having an organization principally focused on the public policy perspectives of auditing could be helpful in participating in the dialogue.”
The CAQ also focuses on knowledge sharing across the profession, including with small and medium firms as well as with preparers and audit committees. “To the extent that one firm identifies a significant audit or financial reporting issue, the whole profession benefits from that knowledge,” said PwC’s Mike Gallagher who served as the chairman of CAQ’s professional practice executive committee.
The CAQ, now led by its second director Julie Bell Lindsay, sees its mission as advocating policies and standards that promote public company auditors’ objectivity, effectiveness, and responsiveness to dynamic market conditions.
SOX garnered intense criticism from its earliest days. Many in the business world viewed it as “a politically motivated over-correction that would lead to a loss of risk-taking and competitiveness.” (3) However, more than a decade of research has demonstrated significant benefits stemming from the Act.
A Glass Lewis 2007 study of companies that had completed two rounds of Section 404(b) audits, the SOX requirement that an outside auditor attest to the accuracy of management’s report on internal controls, found that the median stock return of companies that disclosed material weaknesses in 2006 underperformed the Russell 3000 stock index. (4)
A July 2013 U.S. Government Accountability Office report found that since the implementation of SOX, companies exempt from compliance with Section 404(b) have restated their financials at a higher rate than those who must comply with the requirement. The report also showed that the costs to comply with Section 404(b) have declined for companies of all sizes since 2004. Companies that underwent auditor attestations reported such benefits as improved internal control and increased reliability of financial reports. Opinions were mixed as to whether the costs outweighed the benefits. GAO also reviewed several empirical studies, a majority of which suggested that complying with Section 404(b) had a positive impact on investor confidence.
A 2014 Harvard Business School study reviewed findings from more than 120 papers in accounting, finance, and law and concluded that markets have benefited from SOX implementation. This research did not support the fears that SOX would reduce levels of risk-taking, shrink investment in research and growth, or curtail the number of companies going public. The study maintains that the pricing of initial public offerings (IPOs) after SOX became less uncertain. Although the cost of being a publicly traded company did cause some firms to go private, research shows those organizations were smaller, less liquid, and more fraud-prone. (5)
The American Accounting Association published a 2017 study demonstrating that Section 404(b) provides “an early warning system” for company fraud. (6) The study found “a statistically and economically significant association between material weaknesses in internal controls and the future revelation of fraud.” (7) The research revealed that the incidence of fraud disclosures at companies previously found to have material weaknesses is 80 to 90 percent greater than among the general population of firms. Of the 127 fraud cases identified in the study, 30 percent were preceded by auditor reports of material weakness in internal controls. (8)
A 2018 Bloomberg editorial maintained that the decline in new U.S. IPOs as a percentage of the worldwide total is a longtime trend that precedes Sarbanes-Oxley and has more to do with the worldwide proliferation of stock exchanges than with any fault in the U.S. regulatory system. (10)
SOX is considered the gold standard for financial reporting. Many private companies must comply with various SOX provisions if they deal with venture capital or private equity investors, lenders, and insurers. SOX compliance facilitates raising capital, through the private market or through an IPO. SOX compliance also makes a company a more attractive acquisition, as its value is increased through its enhanced ability to borrow money and raise capital.
In 2007, Chinese and Hong Kong audit firms first refused to allow the PCAOB access to audit work performed in China.
The following year, the PCAOB faced its first serious roadblock in international inspections when it was unable to conduct inspections of several audit firms scheduled for that year located in China, Switzerland and 10 EU countries.
In 2011, the PCAOB reached an agreement with Switzerland to conduct joint inspections. Later that year, the EU opened the door for the PCAOB to negotiate individual terms with each member state when the PCAOB reached an agreement with the Netherlands to conduct joint inspections. However more than a decade later, mainland China and Hong Kong have not provided access to audit work papers or allowed inspectors on their soil.
At a 2010 February EC conference in Brussels a representative from the Chinese Ministry of Finance (MOF), Yuting Liu, took to the stage following an address by PCAOB Office of International Affairs Director Rhonda Schnare Schmidtlein. Thumping his fist on the table, he said, China’s position in the “past, present, and future” is that foreign regulators will not be allowed direct entry into the Chinese market. (11) Schmidtlein replied that not one member of the current PCAOB Board would vote for full reliance on Chinese inspectors. Despite years’ worth of additional negotiations, neither side seems to have moved from these positions.
In March 2011, the PCAOB’s Office of Research and Analysis published its first Research Note to highlight concerns about audit quality in audits of Chinese Reverse Mergers, which occur when a private Chinese company merges with a public U.S. shell company, gaining access to U.S. capital markets without undergoing an IPO. The PCAOB first raised the topic in Audit Practice Alert No. 6, nine months earlier, when inspectors observed that some U.S. audit firms were not conducting audits of companies with operations outside of the U.S. in accordance with PCAOB standards. In a 3 1/2-year period, 159 Chinese companies conducted reverse mergers, while only 56 Chinese companies completed IPOs.
In early 2011 through 2012, many of these Chinese reverse merger companies were delisted or suspended from trading in U.S. markets for fraud, allegations of misreporting on financial statements, and insolvency. The PCAOB’s Enforcement Division launched several investigations into potential auditing issues surrounding those public companies. After years of negotiating for access, in May 2013, the PCAOB, the China Securities Regulatory Commission (CSRC), and the MOF executed an enforcement‐related Memorandum of Understanding. However, the Chinese did not honor the agreement. The PCAOB was never able to take testimony from witnesses in mainland China, and requested documents were not released or were turned over months late and heavily redacted.
As for inspections of audit firms in China, the PCAOB has entered into talks with the MOF and the CSRC both of which have jurisdiction over Chinese audit firms. The PCAOB has participated in discussions at the Treasury‐led U.S.‐China Strategic and Economic Dialogue. In 2017, the PCAOB attempted to conduct a pilot inspection of one China‐based firm, but the CSRC refused direct access to a series of relevant work papers and redacted numerous others on the basis of national security or state secret concerns. (12)
In conducting inspections and investigations consistent with its mandate, the PCAOB needs the ability to select engagements to inspect and gain access to firm personnel, audit work papers, and any other documents deemed relevant. However, the Chinese have refused to let the PCAOB determine which audit engagements to inspect, by denying them access to state‐owned enterprises, as well as Baidu and Alibaba, two of the largest China‐based public companies. The Chinese have also refused to commit to a recurring cycle of inspections that would enable the PCAOB to meet the SOX-mandated triennial inspection schedule for firms that issue audit reports for 100 or fewer public companies. (13)
“We were dealing with people at the CSRC who I thought were acting in good faith, they wanted to get to ‘yes’, but you never know whether the people whom you are dealing with have authority,” said James R. Doty, former PCAOB Chairman, who worked tirelessly to gain inspection and enforcement access in China.
In order to inform investors in these Chinese and Hong Kong-based companies, with a market capitalization well over $3 trillion, that they are not receiving the safeguards for investor protection mandated under SOX, the PCAOB maintains a section on its website describing its China-related access challenges and naming the issuers whose auditors have not been inspected. This situation creates unfair advantages for audit firms in China and Hong Kong and could potentially jeopardize PCAOB’s formal cooperative agreements with other jurisdictions, which have taken more than a decade to put in place. (14)
Initially, many in the international community believed the Sarbanes Oxley Act was “an American response to a uniquely American problem.” (15) But in quick succession following Enron and WorldCom, a series of major accounting failures were discovered at several non-U.S. companies including Parmalat, Vivendi, Hollinger, Ahold, and Royal Dutch Shell that prompted many other countries to adopt independent audit supervisory regimes, or strengthen existing entities. (16) SOX-like laws spread throughout the world. Today more than 50 countries across the globe, including almost all advanced or emerging markets, have an audit regulator that is independent of the audit profession, conducts regular inspections of audit firms, and many possess disciplinary, licensing, and standard-setting powers.
In 2006, the International Forum of Independent Audit Regulators (IFIAR) was formed to enable these regulators to share information and exchange ideas. The PCAOB did not join at first, worried that IFIAR was seeking to become a regulatory body that might try to reign it in. “We were very leery of having an organization that would curtail our ability to oversee the registered auditors of the PCAOB,” said Rhonda Schnare Schmidtlein, former Director of the PCAOB’s Office of International Affairs.
With its initial concerns dispelled, the PCAOB joined in 2007, and IFIAR has proved to be a powerful platform for promoting global collaboration and audit quality. Several PCAOB Board members and senior staff have served in leadership positions at IFIAR and its six working groups including Dan Goelzer, Lew Ferguson, Steve Harris, and Claudius Modesti.
Envisioned first as a blueprint in the Sarbanes-Oxley Act, the PCAOB was brought into existence by a series of dedicated Board members and staff who, without the benefit of manuals or templates, constructed the three main pillars of the Board - standard setting, inspection, and enforcement - through innovation, experimentation, and perseverance. Hindered by a fumbled start and a laughable nickname, the PCAOB over time, established a prominent place for itself in the ecosystem of national and international financial regulation.
The work of the Board, however, is an ongoing mission that continues to require focus and vigilance. Markets are constantly changing, and advancements in technology, including “big data” and cybersecurity, are providing new tools and challenges for auditors. Corporate reporting is also evolving, with investors getting faster and more efficient access to information crucial to their investment decisions.
Chairman Bill McDonough, in a 2005 farewell address to Financial Executives International, laid out the enormity of the PCAOB’s mandate. “Restoring confidence is not a project that can ever be considered ‘finished.’ You must maintain your focus on that goal, and the PCAOB must continue to play its role in keeping that goal front and center.”
The Sarbanes-Oxley Act and the Public Company Accounting Oversight Board have had a profound effect on the integrity of financial reporting, the reliability of public company audit reports, and the strengthening of corporate governance. However, the work to sustain investor confidence continues, as each successive Board takes up the mantle to protect investors and the public interest by promoting informative, accurate, and independent audit reports for public companies as well as brokers and dealers.
(1) The Journal of Accountancy, “Lawmakers reflect on Sarbanes-Oxley’s Effect on Corporate Culture,” by Neil Amato, July 30, 2012.
(2) SEC Historical Society Program, “The Sarbanes-Oxley Act: The First Decade” The George Washington University, July 30, 2012.
(3) Harvard Business School Working Knowledge, “The Costs and Benefits of Sarbanes-Oxley,” by Julia Hanna, March 10, 2014.
(4) Glass Lewis & Co, “The Materially Week,” by Mark Grothe, Feb. 27, 2007.
(5) Harvard Business School Working Knowledge, “The Costs and Benefits of Sarbanes-Oxley,” by Julia Hanna, March 10, 2014.
(6) American Accounting Association press release, “Internal Control Weaknesses and Financial Reporting Fraud,” Sept. 5, 2017.
(9) Ernst & Young, “The Sarbanes-Oxley Act at 15,” June 2017.
(10) Bloomberg Opinion, “Where Have All the Public Companies Gone?” April 9, 2018.
(11) The Accountant, “Regulators in Oversight Stand-Off,” by Carolyn Canham, March 26, 2010.
(12) President’s Working Group Report on Protecting Untied States Investors from Significant Risks from Chinese Companies, “Appendix A: Letter from PCAOB Chairman William D. Duhnke III to the Presidents Working Group,” July 10,2020.
(15) Lewis Ferguson speech, “Global Developments in Audit Oversight,” June 13, 2016.
The virtual museum and archive is copyrighted by the SEC Historical Society. The Society reserves the right to restrict access to or use of the museum by any user at any time.
Users are prohibited from sharing or downloading any material for publication or commercial purposes without written permission from the Executive Director. Requests for permission must be submitted by email and specify the material requested and for what purpose.
Material used with the Society's permission should be credited to: www.sechistorical.org.