標準簡介
沙賓法案(SOX)是美國 2002 年頒佈的聯邦法律,旨在因應安隆、世界通訊和泰科等重大企業會計醜聞。該法案對所有在美國上市的公司及在美國交易所上市的外國公司,在財務報告、內部控制和公司治理方面實施了嚴格改革。
SOX 建立了公眾公司會計監督委員會(PCAOB)以監管審計事務所,並引入了嚴格的 CEO/CFO 問責制、審計委員會獨立性和舉報人保護要求。二十多年後,SOX 仍然是美國公司治理和財務報告誠信的基石,合規成本和複雜性持續演變。
Internal Controls (Section 404)
Requires management to establish and maintain an adequate internal control structure for financial reporting, with external auditor attestation for large accelerated filers.
CEO/CFO Certification (Section 302)
CEO and CFO must personally certify the accuracy and completeness of financial reports. False certification carries criminal penalties including fines and imprisonment.
Whistleblower Protection (Section 806)
Provides robust legal protections for employees who report corporate fraud, including protection against retaliation, reinstatement, and compensation for damages.
list_alt Key Sections
- Section 302 — CEO/CFO certification of financial reports
- Section 404 — internal control assessment and auditor attestation
- Section 409 — real-time disclosure of material changes
- Section 802 — criminal penalties for document destruction
- Section 806 — whistleblower protections
- Section 906 — criminal penalties for false certification
- PCAOB oversight of public accounting firms
- Audit committee independence requirements
Who Needs to Comply?
All publicly traded companies in the United States and foreign companies listed on U.S. stock exchanges. Also applies to their wholly-owned subsidiaries and public accounting firms that audit them. Private companies pursuing IPO must prepare for SOX compliance.
Key Requirements
Internal Controls Over Financial Reporting (ICFR)
Management must assess and report on the effectiveness of internal controls over financial reporting annually. Large accelerated filers require external auditor attestation under PCAOB AS 2201.
Officer Certifications
CEO and CFO must sign certifications with each annual and quarterly report attesting that financial statements fairly present the company's financial condition, with no material misstatements or omissions.
Audit Committee Independence
Audit committees must consist of independent board members with at least one financial expert. The committee oversees the external audit, internal controls, and whistleblower procedures.
Records Retention
Maintain audit work papers and relevant records for at least 7 years. Knowingly destroying or falsifying documents to obstruct investigations carries criminal penalties.
Real-Time Disclosure
Disclose material changes in financial condition or operations on a rapid and current basis (Section 409). This includes filing current reports (8-K) for significant events.
Penalties & Enforcement
Executives who certify fraudulent financial reports face fines up to $5 million and up to 20 years imprisonment (Section 906). Organizations face corporate fines up to $25 million. Document destruction carries penalties up to $5 million and 20 years imprisonment (Section 802). Companies may be delisted from stock exchanges.