On July 30th, 2002, President Bush signed the Sarbanes-Oxley Act (SOX) into law. The most dramatic change to federal securities laws since the 1930s, the SOX Act radically redesigned federal regulation of public company corporate governance and reporting obligations. It also significantly tightened accountability standards for directors and officers, auditors, securities analysts and legal counsel.

Sarbanes-Oxley Act (SOX) applies to publicly held companies and their audit firms, dramatically affects the accounting profession, and impacts not only the accounting firms, but also CPAs actively working as an auditor of, or for, a publicly traded company. Provisions of SOX detail criminal and civil penalties for noncompliance, certification of internal auditing and increased financial disclosure.

Section 404 requires that all annual financial reports must include an Internal Control Report, stating that management is responsible for an "adequate" internal control structure, and an assessment by management of the effectiveness of the control structure. Any shortcomings in these controls must also be included in the IRC, and must be reported to the SEC.

Section 802, Regulation SX, Rule 2-06 mandates the retention of documents used for financial audits and reporting, and requires documentation to be centrally controlled and tested to provide management-level visibility to any document retention weaknesses.