Sarbanes-Oxley – Unconstitutional?

As previewed by Sumner Blount in his November 30th blog post, the Supreme Court on December 7th heard opening arguments challenging the constitutionality of the 2002 Sarbanes-Oxley Act, which came out of the scandalous collapses of Enron, WorldCom, Tyco and other companies early this decade.

As previewed by Sumner Blount in his November 30th blog post, the Supreme Court on December 7th heard opening arguments challenging the constitutionality of the 2002 Sarbanes-Oxley Act, which came out of the scandalous collapses of Enron, WorldCom, Tyco and other companies early this decade. At issue in the lawsuit, filed by the Free Enterprise Fund and a Nevada accounting firm, is the Sarbanes-Oxley law’s creation of an independent board to police auditors of publicly held companies.


“If you combine the ability to make laws and enforce the law, that’s what King George did – and that is the ultimate definition of tyranny,” said Lawyer Michael Carvin in an associated NPR interview. Their story and an audio recording can be found here.

In case you missed Sumner’s previous post, the crux of the matter, as reported by the Courier, is:


“The plaintiffs argue the Public Company Accounting Oversight Board violates the Constitution because it is not accountable to the president. The president lacks power to review the board’s work or influence its finances, the plaintiffs said. Board members are appointed by the Securities and Exchange Commission, which cannot remove board members for anything other than willful violations, the plaintiffs have said. They also have argued the arrangement violates the constitutional guarantee of a separation of powers because Congress has at least as much control over the accounting board, if not more, than the White House. The Securities and Exchange Commission and the accounting oversight board are both subject to congressional oversight.”


Much has been made of this law since It was enacted and its subsequent consequences, with many as a result calling it the ‘new employment act for auditors’ – but now that the requirements of the act are so ingrained in so many large, publicly traded companies, is it here to stay? Certainly there are those that have protested its very existence from its initial enactment – a quick Google search brings a myriad of articles on the subsequent mass privatization of companies and the exodus of companies to stock exchanges and trading boards in countries with far less stringent reporting requirements – but is the anti-SOX wave now reaching tsunami like proportions?


Many point to recent ‘smaller wins’ such as that voted on by the house in November, working towards excepting smaller companies from some of the more onerous requirements as small victories in a much larger battle. (Garret / Adler amendment.)


Having been entrenched in a large financial institution during the more formative years of the Sarbanes-Oxley act (the so called ‘year zero’ through the publication of the PCAOB’s Audit Standard No. 5 and the Security and Exchange Commissions’ guidance), I can see the benefit of the enterprise governance, risk and compliance (GRC) programs that were largely established in the wake of SOX and in some cases further developed and tuned in response to the more prescriptive guidelines and requirements that were to follow (such as PCI for example).


While I can see portions of the act that must change over time, to re-encourage the sort of free enterprise and opportunity the United States built itself upon, I feel that many of the components of the act that promote oversight, clarity and visibility, both to executive management and to the public, must be here to stay. Yes, some relaxation of some of the rules may bring companies flooding back to ‘the greatest stock market in the world,’ but investors, forever burned by the likes of Enron, WorldCom, et al, are now always going to look for that extra insight that the publication of additional information and disclosure of significant events is going to bring. Even the companies themselves have become dependent on the value added by the extra level of documentation, testing and certification that comes with formally documented processes, controls, and the associated risk management and governance practices.


Unconstitutional? Perhaps – on a technicality, the Sarbanes-Oxley act will start to fray and unravel… but I firmly believe the tone of ensuring corporate transparency is welcome, necessary, and here to stay.


Written by

CA Community

CA Community is the blog manager’s account used to post general updates and news items.

Published in

View this topic
  • James Holland

    This is great. Hooray for Disney’s imagineers!


    become a new brand in the share market research with its accurate research. Proven
    itself always right whether market is bull or bear. Last week all paid clients
    booked handsome profit in NIFTY, BANKINIFTY & STOCKS. Now for the coming
    week we expect more correction can come in NIFTY as the IRAQ issue is getting
    more tense, If it happens more then you will see a sharp fall in all world marketNSE BSE, STOCK TIPSbecause as we know all world run on
    crude & most of the crude comes from IRAQ. So be ready for a sharp fall so
    sell will be the best strategy for next week also. Traders can make a sell
    position in NIFTY around 7600-7650 with stoploss 7750 for the target of
    7300-7200.One can also make a sell call NIFTY 50 stocks as per NIFTY levels. You
    can also take our two days free trial to check our accuracy. For further updates
    you can visit our website.



  • king lear

    testing comment functionality, please do not publish this

  • Rachel Macik

    Love the personal pic :)

    • CAHighlight

      Thank you!

  • Plutora Inc

    This is a good case study. 2.3 sec’s off a login transaction is big.

  • Michele Hudnall

    While the analysts were hyping DevOps, I posted the oversight of not including security as part of that discussion as you are highlighting here. Instead of just talking DevOps, it should be DOS (what’s old is new again :-) – DevOpsSec. As a previous AppDev person, it’s the app, who’s using it, why and where rather than the device and having the service available.

    As you rightly point, out Security should be baked into the solution.

    Nice Post and Timely!


    • CAHighlight

      Thank you for your feedback Michele. Agreed – security cannot be overlooked. Appreciate your input!

  • Mitesh

    I would love a printed copy

  • Lars Johansson

    I love the idea of BYOID! This makes me choose if I am almost anonymous (with my Hotmail Nicname) or official with identity from an official organisation. My Identity Provider will attach identity with right level of LoA according to the need of the Service provider.

    • CAHighlight

      Thank you for your comment. BYOID has tangible benefits for end users and relying parties but it also has to be weighed in the balance with potential risks and liability concerns. It will be interesting to see how BYOID plays out in the enterprise.