Every publicly traded company in the U.S. has felt the impact of the Sarbanes-Oxley Act of 2002 (SOX). The Act’s provisions are significant enough that many consider SOX the most significant change to federal securities laws since the New Deal.
Complying with SOX requires a lot of work, but SOX can also provide career-enhancing opportunities for database professionals. That’s because it requires changes to how data-related risks are managed and documented. Few SOX-preparation teams include staff experienced in designing and administering database systems, and as a result, database professionals are being called on to participate. Those who enthusiastically assist in compliance efforts often find themselves identified as “business-oriented” technical resources who are candidates for other high-value, high-profile projects. They’re also finding themselves uniquely situated to make a compelling argument for using compliance dollars to purchase database productivity tools.
Not long ago, Americans believed in the people running public companies. Investors used corporate reports and balance sheets to judge the health of a company, trusting the data on those reports because independent auditors had examined and certified them. Then came the Enron, Worldcom, and Arthur Andersen scandals, and another picture emerged.
It turned out that many companies’ financial practices had been progressing steadily into gray areas, and their auditors had been supporting—sometimes encouraging—these practices. The CEOs and CFOs who were issuing corporate reports were relying on financial data that bubbled up from various business units using different processes, different IT systems, and different data models, so no person in the organization could say with certainty that the data was complete and correct. While there have always been penalties for fraud, there were no penalties for mistakes, and it was simply too easy to “mistakenly” paint an incorrect picture of a company’s financial health.
Investors and politicians got fed up by fraud, greed, plausible deniability by executives, too little transparency into corporate processes, and lack of accountability. Finally, Congress passed SOX, which was sponsored by U.S. Senator Paul Sarbanes and U.S. Representative Michael Oxley.
What Is Sarbanes-Oxley?
SOX applies to publicly traded companies and the firms that audit their financial statements. The Securities and Exchange Commission (SEC), which has jurisdiction over publicly traded companies, and the newly created Public Company Accounting Oversight Board (PCAOB), which reports to the SEC and oversees auditing firms, enforce SOX.
The stated purpose of SOX is to “strengthen corporate governance and restore investor confidence.” What’s it really about? Data! The many provisions of SOX are designed to ensure that:
- Data that appears on corporate financial reports is complete and accurate.