Sample Law Paper on SOX Regulations


            SOX is a federal law of the United States that outlines the requirements for all public accounting firms and public company boards of the U.S. As an Act of Law, SOX is comprised of a number of sections and provisions applies to both public and private companies. There are eleven (11) sections, all of which were enacted as a means of responding to the key corporate and accounting scandals in the United States. Further, the sections of the Act covers various responsibilities that are expected of the board of directors of public companies, and provide for criminal penalties for those found guilty of gross misconduct. SOX also provide standards and regulations that every public company is expected to comply with. The purpose of this paper is to review the SOX regulations and evaluate the sections that impact the companies, indicate the sections that impact greatly on the external auditor, provide an evaluation of the external auditor’s response options as well as evaluating the cost and benefit ratio for companies that are required to comply with the SOX.

SOX Sections that have the Most Impact on Companies

The section that has the most impact on companies include Section 404 that has the most impact on the small companies in the U.S. The smaller firms are affected so much because each of them is expected to meet a given fixed cost that applies to all companies. According to Wang (2008), SOX Section 404 has serious negative effect on the firms especially the smaller ones following the unfair distribution of costs. For example, large firms operating in the U.S with over $5 billion spent as less as 0.06% of their revenue for SOX compliance while on the other hand, the smaller companies with revenues below $100 million spent 2.55% of the revenue to meet the compliance cost (Wang, 2008). By doing simple analysis of these two figures, it is undoubtedly true that the compliance costs is too high for the smaller companies as compared to those of the big companies.

Further, the smaller companies’ lack of familiarity as well as the experience in coping up with the rules of Security Exchange Commission puts these smaller companies in a bad condition characterized with steeper learning curves (Prentice & Bredeson, 2010). For this reason, the internal control structure of these smaller companies become more vulnerable than the bigger companies do. The survey conducted by the Government Accountability Office of the U.S shows that smaller companies usually hire consultant accounting firms to assist them in carrying out planning, documentation, and the assessment of various internal controls, but because big companies rely much on their own employees, which makes them not to go for external consultant.

Lack of internal audit functions by the smaller companies in the United States, and because of this, they lack the capability of meeting the requirements of the internal controls. This is the reason as to why they rely on the services of the auditing companies such as the PricewaterhouseCoopers and Deloitte to certify their books of accounts (Prentice & Bredeson, 2010). Additionally, Section 404 is based on the framework of the Treadway Commission of 1992 that outlines the need to have internal audit functions, and because the smaller companies lack this functional unit, the SOX’s Section 404 negatively affects it.

Other than impacts on smaller companies, Section 404 of the Sarbanes-Oxley requires every company to document and test their financial manuals as well as the automated internal controls to allow for the adequacy in reporting the company’s internal controls. In other words, SOX’s Section 404 requires the management of each company to consider automating its financial reporting systems and produce its internal control report. The negative impact of this legislation is that the compliance costs is quite high. Because of this, the Public Company Accounting Oversight Board (PCAOB) released a guidance that allows the management and the external auditor to assess the design and the operating effectiveness of the internal controls (Prentice & Bredeson, 2010). Above all things, it should be noted that SOX’s Section 404 calls for the companies to automate their financial reporting systems in order to achieve efficiency since automation helps in reducing the cost of assessing the manual control procedures.

SOX’s Section with the Greatest Impact on the External Auditor

One of the sections that impacts on the external auditor include Section 302, which is all about disclosure controls. Section 302 of the SOX permits the internal controls procedures to be designed so that accuracy in financial disclosure can be ascertained. At a time when periodic reports are being prepared, the officers responsible for appending their signature on the internal controls, must also certify that they bear the responsibility on the matters contained on those procedures, and that the information relating to the company is known to them. Besides, the must do an assessment on the effectiveness of the internal controls of the company (Prentice & Bredeson, 2010). This is because, the external auditors are expected to issue a statement of opinion as to whether internal controls were effectively maintained over financial reporting. However, this role does not bar them from performing their main routine duty of expressing their opinion regarding the accuracy of the financial statements.

Another section of the Act that impacts the external auditors is the Section 303 of the Sarbanes-Oxley Act that discusses the improper influence on conduct of audits. The external auditors are highly valued professionals who can analyze the financial statements of the company, and while discharging their roles, no other external force should influence their opinions (Ernst & Young LLP, 2012). As outlined Section 303, there are strict rules prohibiting any officer or the director of the issuer to fraudulently influence, force, manipulate or even mislead the independent auditors from effectively executing their roles in analyzing the financial statements of the company.  The implication of this is that under civil proceedings, the investors have no say whatsoever in enforcing the rule, except the Security and Exchange Commission (SEC).

This section of the Act protects the auditors’ rights, thus allowing them to express their free and fair opinions without feeling the pressure. According to Prentice & Bredeson (2010), the provision in this section is much concerned with the finding a proper solution to common deficiencies in auditing practice in which the auditors’ opinions are subject to manipulations. In this regard, SOX necessitates that every company should establish and make the ethical codes to be very effective, thus, prohibiting the top officials from the public companies from gaining unfairly (Prentice & Bredeson, 2010). Further, it can be deduced that giving a falsified information or lying to an external auditor is unlawful, and the provision is right in place to protect the outside auditors against unnecessary confrontations.

External Auditor’s Response Options to Auditors Limiting Testing and Scope of Engagement

The external auditors have the following options in requesting the external auditor to confine testing as the scope in performing audit engagement by considering some ethical requirements (McConnell & Banks, 2003). While performing procedural audit, the external auditors should consider counting the inventories at the end of each reporting period or date to prevent situations that would result into the manipulation of balances that do occur in the periods between the completion date for counting and the time for reporting (United States Securities and Exchange Commission, 2009). Usually, this helps in minimizing risks that might occur during the reporting period. Secondly, the external auditors must perform a substantive analytical procedure by using aggregate data to increase accuracy and transparency in evaluating financial statements.

In responding to the responsibility imposed by the Public Company Accounting Oversight Board (PCAOB) on the external auditors, the auditors must accept the responsibility of examining the effectiveness of a company’s internal control. In order to adhere so both basic and professional ethics, the external auditors should always seek the management’s approval and acknowledgement to allow them to carry out their professional obligation without feeling the pressure from the issuers (Prentice & Bredeson, 2010). In this regard, the auditor will require the management to identify, document, and assess the importance of internal controls so that fraudulent programs can be brought under control.

Cost/Benefit Ratio for Companies Required to Comply with SOX

            Complying with SOX regulations has some specific costs as well as benefits for companies that are affected. Section 404 of the Act calls for the management and the outside auditors to give a report on the adequacy of an organization’s internal control over the financial reporting. The following are the trade-offs between the cost and benefits for organizations that comply with SOX.

The compliance costs have continued to decline with respect to revenue ever since 2004. The costs for decentralized companies have been confirmed to be lower than that of the centralized companies (Prentice & Bredeson, 2010). It can be deduced that SOX continues to impact positively on the confidence of the investor, highlighting the reliability of the financial statements as well as preventing the financial frauds from arising (United States Securities and Exchange Commission, 2009). Secondly, the diversification of stock investments through an efficient risk management calls for a significant allocation of financial resources required to meet the compliance costs. This is a benefit to many companies because the cost accepted across all the trading companies. The benefits of complying with the Act outweigh the costs associated with the same because the regulation serves to fix some of the accounting scandals. Although the compliance costs could be high for the smaller companies, the long-term benefits exceed the initial costs.


            The paper has provided a clear analysis of the Sarbanes-Oxley regulation, and from the discussion provided, it is true that various sections of the Act impact greatly on companies as well as the external auditors. Section 404 is very particular on the effect that the provision of the act has on smaller companies in the U.S., and from this perspective, the compliance costs is relatively higher than bigger companies do. In addition, Section 302 and 303 explain how this Act can impact the external auditors. More specifically, section 303 protects the external auditors from being pressurized by company officers or directors or issuers who can interfere with their professional work. In conclusion, the cost/benefit ratio is positively felt by the companies affected by the Act. Otherwise, the benefits of complying with SOX will always outweigh the costs.




Ernst & Young LLP. (2012). The Sarbanes-Oxley Act at 10: Enhancing the reliability of financial reporting and audit quality. Retrieved from$FILE/JJ0003.pdf

McConnell, K.D., & Banks, Y.G. (2003). How Sarbanes-Oxley will change the audit process. Journal of Accountancy. Retrieved from

Prentice, R. & Bredeson, D. (2010).  Student guide to the Sarbanes-Oxley Act. South-Western,          Cengage Learning.

Wang, J. (2008). Sarbanes-Oxley section 404 places disproportionate burden on smaller public companies. The Heritage Foundation. 1-38.

United States Securities and Exchange Commission. (2009). Study of the Sarbanes-Oxley Act of 2002 section 404 internal control over financial reporting requirements. Office of Economic Analysis. 1-97.