A reaction to Enron- and WorldCom-type accounting scandals, the Sarbanes-Oxley Act (SOX) became law on July 30, 2002. Although the sweeping legislation had unassailable goals—preventing and deterring future accounting fraud, protecting shareholders and increasing confidence in public company financial reporting and, thus, in the U.S. capital markets—it was divisive. It imposed tremendous new duties and costs on public companies and accounting firms, and a decade later, people are still split about whether the money, time and focus lost to SOX are worth the benefits it's yielded.

Steve Barth, co-chair of Foley & Lardner's national transactional and securities practice, calls the legislation “an abject failure. If the goal and object of Sarbanes-Oxley was to create more confidence in our capital markets, let's face it: It can't prevent fraud and abuse from occurring. Has the stock market become more trustworthy over the past 10 years?”

That debate won't see a conclusion anytime soon. The ways that SOX changed public companies, however, are undeniable. SOX led to greater internal control of financial reporting, and increased expertise and independence among more-focused boards, committees and directors. It imposed new reporting, audit, disclosure and ethics requirements, and created internal reporting and whistleblower structures upon which the Dodd-Frank Wall Street Reform and Consumer Protection Act has built.

The net effect of SOX goes beyond its components. The legislation was not revolutionary in terms of the substantive changes it made, says Randy Eaddy, a partner at Kilpatrick Townsend & Stockton. The existing laws that comprised the fundamental principles, duties and standards for corporate governance were largely unchanged, he says, but people were asleep at the switch with respect to them.

“Sarbanes-Oxley made it clear that you can't be asleep anymore,” Eaddy says. “It was revolutionary in terms of the attitudinal and cultural change that the primarily procedural rules it introduced caused to occur within the community of public companies and the lawyers that work for them. That change is the principal legacy of Sarbanes-Oxley.”

#1: It reformed and re-empowered the corporate board of directors.

The most prominent change SOX engendered was a shift from a perspective that the board serves management to a perspective that management is working for the board. “That's what our corporate structure in the U.S. intended, but you were seeing it exercised less in the day-to-day and more in the formalities of documentation,” says Ralph DeMartino, chair of the global securities group at Cozen O'Connor. “That's been a radical shift.”

SOX also recognized that director independence is necessary for the board to serve effectively as a check on management. It allows for director liability if the board fails to exercise the appropriate oversight.

Steve Blonder, a principal at Much Shelist, says that in the wake of SOX, companies are stronger and subject to additional oversight from more proactive board members with greater technical expertise. In general, he says, the increased demands and need for independence has led to greater diversity among the people who serve on boards.

Today, the audit committee of the board has greater powers and many more responsibilities, such as working with external auditors of internal controls. “They're kind of king of the hill of any board committee,” says William Currier, a partner at White & Case and a former (SEC) assistant director who was at the agency during the SOX rulemaking and implementation. “Now under certain circumstances, if management or [the audit committee of the board] doesn't respond to reports [of misconduct] from independent auditors, the independent auditors have the obligation to inform the SEC that there has been a dispute and to resign. That's a huge amount of leverage and responsibility directly derived from SOX.”

In general, boards are more focused on their responsibilities, says Linda Chatman Thomsen, who was director of the SEC's Division of Enforcement from 2005 to 2009 and led the Enron investigation. Thomsen now is a partner at Davis Polk & Wardwell.

“It may be luck or effective enforcement and laws, but since, I haven't seen an Enron or a WorldCom blowup to the magnitude that we saw those kinds of public company issues [before SOX],” she says.

#2: It encouraged the adoption of corporate codes of ethics.

SOX required companies to disclose whether their senior executives and financial officers followed a code of ethics. If they didn't have one, they had to explain why. Around the same time, both the New York Stock Exchange and Nasdaq adopted rules requiring that listed companies adopt and disclose a code of conduct. While the SOX rule didn't require adoption of a code, it made clear that the SEC expected one.

“Over the past 20 years, the government has been encouraging employers to adopt ethics and compliance programs in a number of ways,” says Chip Jones, a Littler Mendelson shareholder who counsels clients on such programs.

Since the mid-1980s, for example, federal sentencing guidelines have said companies with an effective ethics and compliance program would face reduced criminal sanctions. “Sarbanes-Oxley is just one regulatory framework pushing companies in that direction,” Jones says.

But even Enron had implemented a code of ethics that specifically prohibited some of the board and executives' later misconduct. It's clear the mere existence of a corporate code of conduct is useless without compliance.

#3: It created the PCAOB.

SOX created the independent Public Company Accounting Oversight Board (PCAOB) in 2002 to oversee the independent auditors of public companies, replacing a self-regulatory scheme and mandating true independence. The Board's inspection powers mean the audits of companies' internal controls are subject to scrutiny.

“To me, the creation of the PCAOB may be one of the most important features of the whole Sarbanes-Oxley structure,” Currier says. “On demand, the PCAOB can call up any given partner at any given [accounting firm] and ask to see all of his work papers for his last five engagements.”

Accounting firms that audit public companies must register with the PCAOB, and are subject to annual or triennial agency inspections, depending on their size. Currently the Board is in various stages of exploration of new initiatives in the wake of the financial crisis. They include new ways of promoting the transparency of audits, updating audit report formats, expanding foreign inspections and ensuring the independence of auditors. This includes a measure to require mandatory firm rotation, or term limits, between a public company and its audit firm

Sidebar: Inside the PCAOB

Gordon Seymour, general counsel of the Public Company Accounting Oversight Board (PCAOB), has been with the Board since 2003.

InsideCounsel: How has the agency evolved since its birth in 2002?