Prior to SOX (the Sarbanes Oxley Act), if any material misstatements (which could lead to restatements, law suits by shareholders, etc.), Company sued their (external) Auditors.
The Trigger (for the SOX Act)
The high-tech bubble burst in 2000.
- SEC named names.
Accounting Malpractice (by Enron, WorldCom, etc.) and Misstatements/Restatements (by Amazon, etc.)
- The U.S. stock market needed to regain credibility.
The Purpose of SOX is;
To hold Company Management Accountable – NOT (external) Auditor
NOTE: What this means, for example, would be that the burden of proof, should the company be sued at all, would rest on CFO/CEO, who would need to prove their certification (under SOX 302; i.e., what the logic was when they said, “our internal controls are effective”).
(An example of the ill-conceived statements would be, “we did what our auditors told us to do.)
- CEO and CFO must certify (SOX302).
Consequence
Regardless of whether it’s fraudulent or not, if they certified that their internal controls over financial reporting (ICFR) was free from material misstatements when it was not in actuality;
- CEO and CFO could go to jail (SOX 906).
In short, the objective of the SOX Act 2002 appears to protect auditors (of an SEC listed company) from being accountable, or even convicted, for their SEC-listed client’s misinforming the public shareholders.