Tuesday, January 20, 2004

SOX section 302

I have now finished reading SOX, which is a model of clarity. I have read section 404, but section 302 seems to be even more explicit about the obligations of management with respect to internal controls than 404 is. It says:

------------------------------------------
Summary: As directed by Section 302(a) of the Sarbanes-Oxley Act of 2002, we are adopting rules to require an issuer's principal executive and financial officers each to certify the financial and other information contained in the issuer's quarterly and annual reports. The rules also require these officers to certify that: they are responsible for establishing, maintaining and regularly evaluating the effectiveness of the issuer's internal controls; they have made certain disclosures to the issuer's auditors and the audit committee of the board of directors about the issuer's internal controls; and they have included information in the issuer's quarterly and annual reports about their evaluation and whether there have been significant changes in the issuer's internal controls or in other factors that could significantly affect internal controls subsequent to the evaluation. In addition, we are adopting previously proposed rules to require issuers to maintain, and regularly evaluate the effectiveness of, disclosure controls and procedures designed to ensure that the information required in reports filed under the Securities Exchange Act of 1934 is recorded, processed, summarized and reported on a timely basis.
------------------------------------------

I intended to copy the wording in the Act, but the Acrobat file won't let me, so I found the above summary at:

http://www.sarbanes-oxley.com/displaypcaob.php?level=2&pub_id=SEC-Rules&chap_id=SEC1&message_id=77

instead. Beware of line-wrap if trying to use the above URL.

Item (4)(C) actually says that the effectiveness of the issuer's internal controls has to be evaluated as of a date within 90 days prior to the report.

However, the following article suggests that SOX 404 is not as dangerous as it seems:

http://cio-asia.com/pcio.nsf/unidlookup/1010AE6EDD168E1D48256E210025D97F?OpenDocument

The impact of SOX 404 appears to be debatable!