The Public Company Accounting Reform and Investor Protection Act of 2002, commonly known as Sarbanes-Oxley or SOX after the two authors of the bill, was enacted on July 30, 2002, in response to several major corporate and accounting scandals, the most infamous being the meltdown of energy giant Enron.
Sarbanes-Oxley includes some of the most far-reaching reforms of American business practices since the Depression Era and it not only applies to U.S.-based parent companies, but subsidiaries organized outside the borders of the United States. This means that U.S. businesses operating in China must remain compliant, challenging them to design and maintain their internal control structure in an accounting and reporting environment that is early in its development and is rapidly changing.
Many Chinese accountants and local Chinese accounting firms lack the expertise and experience to establish, maintain and review internal control systems. Despite these challenges, when contemplating an entry into the Chinese market, SOX compliance should be considered with equal importance as the location and legal structure of the proposed China operations. Early internal control design and implementation in tandem with proper organization under Chinese laws will contribute to a smoother transition and earlier success.
Sarbanes-Oxley is arranged into 11 titles, each with their respective sections. From a corporate compliance perspective, there are five sections with the most relevance: sections 302, 401, 404, 409 and 802. Of these sections, Section 404 has the most relevance to U.S.-China businesses and the largest impact on corporate financial reporting and internal control implementation, maintenance and assessment.
Section 302 requires senior executives, usually the chief executive officer or the chief financial officer, to take individual responsibility in the form of financial statement certifications as to the accuracy and completeness of financial reporting in connection with the periodic reporting requirements of the U.S. Securities and Exchange Commission (SEC). Managers of U.S.-China businesses have the responsibility of reporting internal control weaknesses to senior executives in an immediate and timely manner.
Section 401 requires that financial statements be truthful and presented in a manner that does not contain inaccuracies. These financial statements must reflect all material off-balance sheet liabilities, obligations or transactions. As such arrangements are not unusual with Chinese operations, managers of U.S.-China businesses must be aware of the reporting requirements and communicate such transactions in a timely manner to senior executives.
Section 404 requires management to publish an "internal control report" as part of each annual financial report required by the SEC. The report must emphasize the responsibility of management for the establishment and maintenance of an adequate internal control structure and procedures for financial reporting, including an assessment of the effectiveness of the internal control structure and procedures of the registrant for financial reporting. Many companies have adopted internal control frameworks as prescribed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). COSO is a private non-profit organization that provides guidance to executives over corporate governance, business ethics, internal control, enterprise risk management, fraud and financial reporting. Relevant to Section 404 compliance, COSO has established an internal control model with which companies and organizations may design and assess their control systems.
Assessment of the internal controls requires tests of the effectiveness of such controls periodically throughout the year upon which the annual report is issued. Material weaknesses identified, if any, and action plans to remedy such weaknesses must be included in the assessment. Foreign subsidiaries, including those organized in China, are not exempt from this requirement.