Well, i’m sure by now millions of people have read the article in Newsweek about how Sarbanes-Oxley (SOX) could be brought down to it’s knees and killed.
Compliance auditors are getting cold hands thinking of the unemployment line! Not so fast, read into the article some more and I would argue that the real issue being asserted within this article is the legal framework of how the PCAOB is structured, overseen, and how it appoints members to this organization. Sure, there are rumblings about the effectiveness of SOX, but the thought of taking away most of it’s original intent is not something too many politicians would angle for. Section 404 has been a success and so has the advent of SAS 70 audits on third party providers and service organizations. Think any of these provisions on attesting on outsourcing entities are going away; I highly doubt it. So, while we may see the PCAOB and SOX “watered down”, it’s doubtful key provisions would be killed all together. Could you imagine another Enron, Worldcom without any SOX provisions in place because they were killed? Again, highly doubtful.
What has gained so much traction from SOX are SAS 70 audits, and with or without SOX, SAS 55 requires SAS 70 audits for purposes of financial statement reporting. Additionally, companies will not just stop asking for SAS 70 audits even if key provisions for SOX have been amended. Why? Because they have become very familiar, comfortable, and interested in what controls third party providers have in place.