Origins of SOX

The Sarbanes-Oxley Act of 2002 (also known as SOX) originated as a result of the significant and far-reaching financial scandals of the early 2000s involving a few major corporations within the United States, including Adelphia, Enron, Peregrine, Tyco, and WorldCom, to name a few.

These scandals exposed substantial conflict of interest problems and massive incentive and compensation issues, which cost investors billions of dollars as they helplessly watched the stock prices of the involved companies collapse. Consequently, the public’s confidence in the United States’ securities market was severely shaken.

SOX is named after its sponsors US Senator Paul Sarbanes (D-MD) and US Representative Michael G. Oxley (R-OH). Senator Sarbanes had originally backed the “Public Company Auditing and Accounting Reform and Investor Protection Act in the Senate,” and Representative Oxley introduced to the House the “Corporate and Auditing Accountability, Responsibility, and Transparency Act” (CAARTA) of 2002.

A Conference Committee was organized to reconcile the differences between the two bills, and the result was officially named the Sarbanes-Oxley Act of 2002. The Senate and the House passed the bill with incredible majorities of 423 to 3, and House 99 to 0, respectively.

SOX was enacted July 30, 2002, by President George W. Bush, who said of the Act: “It is the most far-reaching reform of American business practices since the time of Franklin D. Roosevelt. The era of low standards and false profits is over; no boardroom in America is above the law.”

Although Dodd-Frank served to re-frame legislation several years later in the realty and mortgage market with similar intentions, Bush’s statement about SOX did mark the beginning of an era which strove to emphasize compliance, security, and transparency.

SOX achieves these reforms by improving corporate accountability and governance, and by protecting investors, shareholders, and the general public from fraudulent corporate activities and by improving the accuracy of corporate disclosures. SOX expands or establishes new requirements for all publicly-traded boards, management, and public accounting firms in the United States.

Additionally, there are provisions within the Act that affect and apply to privately-held companies. As a result of the Act, top management within companies must personally and individually verify the accuracy of financial information reported.

SOX made the penalties of fraudulent activity far more severe than in the past. The Boards of Directors and even outside auditors have responsibility for much broader oversight, and criminal penalties for some types of misconduct have been added.


The SOX Act consists of 11 titles or sections:

  1. Public Company Accounting Oversight Board
  2. Auditor Independence
  3. Corporate Responsibility
  4. Enhanced Financial Disclosures
  5. Analyst Conflicts of Interest
  6. Commission Resources and Authority
  7. Studies and Reports
  8. Corporate and Criminal Fraud Accountability
  9. White Collar Crime Penalty Enhancement
  10. Corporate Tax Returns
  11. Corporate Fraud Accountability

The Securities and Exchange Commission (SEC) oversees, administers, sets deadlines for compliance, and publishes the rules of SOX. The Financial Industry Regulatory Authority (FINRA) is a self-regulatory organization (SRO) that assists the SEC in regulating financial markets.

FINRA has the responsibility of enforcing rules and governing the securities industry, enforcing federal securities laws, and has the authority to discipline any individual or firm who is in violation, so their strictures are equally applicable to businesses investing in document management technologies.


SOX and Information Technology (IT) Implications

Just as the financial side of corporations is affected by SOX, so too is the information technology side. The technology that organizations use to store sensitive information must be able to responsibly and securely store a corporation’s financial archives.

Although SOX does not define how records must be stored, it does dictate which records should be stored and for what period of time. According to the Act, all business records, including electronic records and messages, must be saved for “no less than 5 years.” The consequences for not following the directives are significant fines, imprisonment, or both.

Section 802 of SOX, which is entitled: “Criminal Penalties for Altering Documents,” contains 3 rules that directly affect the management of electronic records within a company.

The first rule addresses alteration, destruction, and falsification of records and the resulting penalties of doing so. The second rule clearly defines how long records must be stored, and the third rule refers to the kinds of records that must be stored, including communication, documents, records, and electronic communication.

Relying on the audit trail functions of a document management system can simplify accordance with this policy.


Accordance with SOX in the Business Landscape

In order to guarantee proper electronic records requirements are followed, it is extremely helpful—and becoming increasingly necessary—to digitally store records,and with a system that has secure backup to a SSAE 16 certified data center or group of data centers.

eFileCabinet is the leader in document management software (DMS) and can lead any company on its way to successfully capturing, managing, and protecting data, regardless of industry. It is especially helpful for industries that receive heavy oversight. eFileCabinet has been in business for over 14 years and has more than 153,000 users worldwide.

We provide simple and effective solutions with eFileCabinet Desktop, an DMS solution to store and manage documents; eFileCabinet Online, a hosted DMS solution; and SecureDrawer, a client portal/file-sharing service to share and collaborate. We also provide custom consulting and training. eFileCabinet is fully compliant with not only FINRA, but also HIPAA, SEC, and NASD requirements.

Our clients are typically businesses that require compliance, regulation, demand thorough record-keeping. Please call us today, or fill out the form on this page, so we can help ensure your company is fully compliant with SOX requirements.[/fusion_text][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]