SOX and Internal Controls

Quick Overview

Internal Controls and SOX. All you need to know

The question of how SOX and internal controls relate always comes up. However, I am very happy when I hear it because understanding its roots is critical.

Let’s start with what SOX is not! It is not a pair of socks, a baseball team, or a SOC report. SOX stands for the Sarbanes-Oxley Act of 2002 and is a set of regulations to enforce internal controls over financial reporting for publicly traded companies.

What is it and why is it so important?

You know the saying that a strong core is everything? Well, I feel the same way about the SOX history and its lifecycle, as a strong ecosystem of internal controls over financial reporting promotes financial accuracy and integrity.

Let’s dive into the SOX history! Like everything in life, SOX has a history, and it is a juicy one.

What is SOX and Internal Controls?

As part of my SOX training courses, I spend quite a bit of time on the SOX history as I am a visual learner. By seeing it, not only do I understand it better, but it also helps me remember the content.

As its title states, the SOX Act of 2002 passed in 2002. At a high level, it enforces an environment of internal controls over financial reporting and promotes management accountability. Its ultimate goal is to promote stronger, more accurate financial statement reporting. So, SOX was created to enforce and promote internal controls.

I have mentioned this a few times already, and I will probably do it again by the end of this post, hoping that you will remember it.


So investors and stakeholders have more confidence in the annual reports made public by publicly traded companies.

What Caused SOX?

A few financial reporting scandals ended in the collapse of many major corporations in 2001 and 2002. The U.S. Securities and Exchange Commission (SEC) started investigating Enron and Arthur Andersen in 2001. 

What happened next?

Enron files for bankruptcy and Arthur Andersen is convicted by the Department of Revenue. Also, in 2002, the SEC investigates WorldCom, and WorldCom files for bankruptcy. Can you see the trend?

On July 30, 2002, SEC signed the Sarbanes-Oxley Act. As mentioned above, the goal was to promote a system of internal controls and management accountability, and to protect investors relying on the financials made public by companies.

The fine-tuning of the SOX Act of 2002 continued in 2003 and 2004. In 2004, the first 404 attestation was finalized.

One other major event that happened in 2002 is the establishment of the PCAOB. Many argue that SOX created the PCAOB, which is a non-profit organization that “establishes, adopts, or both, auditing, quality control, ethics, independence, and other standards relating to the preparation of the audit reports for public companies in accordance with Section 103 of the Sarbanes-Oxley” (AICPA).

I will cover the PCAOB in a different post, but I wanted to mention it because in 2001 and 2002, the SEC investigated both Enron, which was a publicly traded company, and Arthur Andersen, which was its external auditor.

Does It Make Sense? Let’s Recap

Due to Enron-like financial reporting issues, SOX was created to promote a system of internal controls, in the hope that it will lead to more reliable financial information presented to the public.

Due to the Arthur Andersen scandal, the PCAOB was created to establish, adopt, and enforce a system of audit standards for companies performing financial statement audits for publicly traded companies.
