This US Federal law that came about to mandate practices in financial record keeping and reporting to protect investors at public firms by improving accuracy, transparency and reliability of corporate disclosures for off balance-sheet transactions; making board of directors, management and leveraged public accounting/audit firms to be accountable for it. The Act also has provisions applicable to private firms. It has raised investor confidence, reliability of financial statements, reporting re-statements and fraud prevention. The SEC is the enforcer of the law, with whistleblower protections, CEO/CFO certification requirements, internal/external audits, controls and annual tests for effectiveness. Other countries have since also adopted similar laws.
Firms are required to spend a significant amount of money and resources on SOX compliance, but these have continued to come down over almost 2 decades. The average costs range from $75-100K for small firms to to $2-3M for firms with revenues between $5-7Billion, with costs higher for decentralized firms.
Violation of the Act adds criminal penalties for Executives who face securities fraud, knowingly certifying financially non-compliant reports, obstruction of justice and other misconduct, with up to $1M in fines, a maximum sentence of 20-25 years prison time.