Twenty Years On, SOX has Improved U.S. Corporate Reporting & Audit Quality
Global Investors See Need for Several Improvements in U.S., and Say SOX-Like Enhancements Need Implementation Globally
Saturday, July 30, 2022, represented the twentieth anniversary of the passage of the Sarbanes-Oxley Act (SOX). Investors have seen the behavioral benefits of SOX on the quality of U.S. corporate reporting & auditing, but improvements are still needed. Across the pond, even more significant enhancements are needed in comparable provisions in the UK and Europe.
Two of the provisions that have been particularly effective in improving U.S. corporate reporting are Section 302, Corporate Responsibility for Financial Reporting, and Section 404, Management Assessment of Internal Controls. It’s not the certifications, attestations, and audits themselves that have enhanced the quality of corporate reporting and audit but the behavioral changes they have spurred. What really improved corporate reporting in the U.S. was the accountability and the resulting resource allocation to the financial reporting function as companies adopted these SOX provisions.[i]
Recent corporate scandals and failures in the UK (e.g., Carillion) and in Europe (e.g., Germany’s Wirecard) have spurred investor organizations such as ours to dig into the existence of SOX-similar provisions globally. Even after nearly four years of debate the UK government – despite our request to do so – has not implemented these important provisions noting that they believe the pseudo-SOX is “proportionate”. We disagree.
The European Commission’s consultation on Corporate Reporting in the aftermath of Wirecard demonstrates that while they have made reforms related to the audit profession, their corporate governance patchwork means that adequate management accountability remains insufficient. Auditors, and audit regulators, can only identify and report problems after they have occurred, but they are not empowered to fix them. The EU needs similar provisions to those is SOX focused on enhancing management accountability.
Sarbanes Oxley has put accountability squarely where it belongs – with management – and where financial reporting issues can be best addressed on an ex-ante basis. Investors in the U.S. market benefit from this greater management accountability and corporate governance in the UK and Europe need to follow suit.
Another positive from the passage of SOX in the U.S. has been the creation of the Public Company Accounting Oversight Board (the PCAOB)[ii]. The PCAOB has provided greater transparency to investors through the disclosure of audit partner names, the expansion of the audit report and the establishment of a regulatory review of auditors. Despite recent reports of political wrangling, the PCAOB is the strongest audit regulator globally.
While the UK is improving its financial reporting and audit regulator, the Financial Reporting Council (FRC), which will at some stage become the Audit, Reporting and Governance Authority (ARGA), this is taking quite some time. In Europe there is much, much more to do to establish stronger audit regulatory oversight at a local and pan-European level. In our commentary earlier this year[iii] we suggested the European Securities Market Authority (ESMA) play a bigger role in such audit oversight, like it does for financial reporting.
There is still room for improvement in the U.S., and globally, as audit remains a credence good. Investors still have little insight into the quality of the audit and the work done on their behalf by auditors and audit committees, and from audit regulators for that matter. That is why investors would like the extended audit report in the U.S. to not only include the identification of the critical audit matters and the procedure performed, they would also like disclosure of the results of such audit procedures. Something that remains optional at this time.
As importantly, or possibly more importantly, investors would like the PCAOB to develop audit quality indicators (AQIs) at the level of the company under audit (engagement level AQIs) which may not initially, but ultimately, can be shared with investors. This is a key improvement we have proposed in our commentary to the US, UK and European regulators and legislators.
The UK government has recently proposed audit firm level audit quality indicators, but investors need engagement level AQIs. While many seem to believe audit quality is an elusive immeasurable concept, investors see it as something that is achievable and necessary – as with products equally, if not important to our existence – to be able to help improve, for their benefit, audit quality and to move audit out of the realm of a credence good.
[i] Research by the CFA Institute’s Research Foundation, Restraining Overconfident CEOs through Improved Governance: Evidence from the Sarbanes-Oxley Act (Digest Summary) (cfainstitute.org) has evidenced the behavioral improvements.
[ii] Specifically Sections 100, Public Company Accounting Oversight Board
[iii] See our commentary to the UK Government at:
See our commentary to European Commission at
If you liked this post, consider subscribing to Market Integrity Insights.
Photo Credit: ©iStock/Getty Images Plus/designer491