Section 302 requires that when filing either an annual or quarterly report,
both the CEO and the CFO must certify that they have
Reviewed the report
Found that the report does not contain any material untrue statements,
any material omission, and is not misleadingFound that the financial statements and related information present the
financial condition and financial results fairly and accuratelyIn addition, the CEO and CFO must acknowledge that they
Are responsible for internal controls, have reviewed these controls in
the last 90 days, and have reported on these findings
Have provided a list of all deficiencies in the internal controls and infor-
mation on any fraud that involves employees who are involved with
internal activitiesHave noted any significant changes in internal controls or related factors
that could have a negative impact on the internal controlsThis set of acknowledgements is changing the way CEOs and CFOs work.
They are forced to actively monitor and assess controls to ensure that
no fraud can take place. Senior management now has to spend time and
money finding out precisely, and in detail, how their controls are working.
They can no longer — as many of the Enron management team did — plead
ignorance.
SOX considers this new level of commitment from executives in certifying
what they know so essential that it appears twice in the legislation: once in
Section 302 and again in Section 906. This is what is becoming known as the
“Belt and Suspenders Theory” (the name comes from the fact that some
people, just to be sure their pants won’t fall down, wear both a belt and
suspenders).
In Section 906, the big stick appears. Here lie the criminal penalties for failure
to comply: a $1 million fine or a 10-year sentence for executives who claim
ignorance of misinformation, and $5 million fine or a 20-year sentence for
executives who willfully provide misinformation. Some stick, huh? (However,
the jail sentences will only be used in extreme cases, where executives are
shown to have willfully misrepresented the facts. For errors in their compli-
ance framework, senior staff members are more likely to face fines and penal-
ties.) Figure 4-3 shows a timeline of convictions under SOX during the
regulation’s first year.