What is the Sarbanes-Oxley Act?


The Sarbanes-Oxley Act, commonly referred to as SOX, is a federal United States law passed in 2002. It was drafted in response to the numerous financial scandals of high-profile corporations such as WorldCom and Enron. This act has created new corporate standards for accountability to protect valued stakeholders and the public from fraudulent practices by organizations.

The Sarbanes-Oxley Act requires companies to implement extensive procedures that prevent illegal activities within the company and to respond without delay to any investigation of illegal activity. Its primary function is to protect the public by improving the accuracy and consistency of corporate disclosures. The Act enhances corporate accountability while also safeguarding others by:

  • Ensuring full financial disclosure
  • Creating consistent standards for internal policies
  • Requiring mandatory transparency of all corporate activities
  • Increasing the rights and protection of whistleblowers
  • Requiring corporations to report to independent external auditing committees


The complete Sarbanes-Oxley Act applies to all publicly traded companies, while certain provisions also apply to private companies and nonprofit organizations. All businesses face criminal punishment for acts such as document destruction or alteration, retaliation against whistleblowers, wire and mail fraud, and participating in activities that violate federal regulations and rules. Companies that do not comply with this law face multimillion-dollar fines, up to 20 years in prison, or a combination of both. Criminal penalties are extremely strict and vary drastically depending on which section of the Act was violated and whether it was violated intentionally.

The Act is associated primarily with financial departments, yet it also affects the technology sector of companies. IT departments are responsible for the storage of electronic records, which according to the Act “must be saved for not less than five years”. Three rules, stated in Section 802, relate to the management of electronic records and address the following issues:

  1. The destruction, alteration, or falsification of records
  2. The mandatory retention period of 5 years for all record storage
  3. The exact type of records that need to be stored which include all business communications and related records


  • Restored public confidence in the capital market
  • Improved internal controls
  • More reliable documentation management
  • Increased business accuracy due to corporations’ accountability for their practices


  • The legislation gets its name from its authors: Senator Paul Sarbanes and Representative Michael Oxley
  • The Senate vote: 99-0
  • The Act contains 11 title sections including
  • The PCAOB, Public Company Accounting Oversight Board, was created to direct, regulate, and discipline corporations with regard to their compliance with this law.


Document management systems provide the control, security, tracking, and reporting required in today’s compliance strategies. Using these systems allows organizations to easily report on decisions, activities, and visibility as they relate to information and documents that fall under the SOX regulations.