THE SARBANES OXLEY ACT

The Sarbanes Oxley Act

Responding to corporate failures and fraud that resulted in substantial financial losses to institutional
and individual investors, Congress passed the Sarbanes Oxley Act in 2002.

The Act contains provisions affecting corporate governance, risk management, auditing, and financial
reporting of public companies, including provisions intended to deter and punish corporate accounting
fraud and corruption.

Title I of the Sarbanes Oxley Act establishes the PCAOB as a nonprofit organization, that oversees the
audits of public companies that are subject to the securities laws.

The Sarbanes Oxley Act gives to the PCAOB four primary responsibilities:

- registration of accounting firms that audit public companies in the U.S. securities markets;

- inspections of registered accounting firms;

- establishment of auditing, quality control, and ethics standards for registered accounting firms; and

- investigation and discipline of registered accounting firms for violations of law or professional
standards.

Title II of the Sarbanes Oxley Act addresses auditor independence.

It prohibits the registered external auditor of a public company from providing certain nonaudit services
to that public company audit client.

Title II also specifies communication that is required between the auditors and the public company's
audit committee (or board of directors), and requires periodic rotation of the audit partners managing a
public company's audits.

Titles III and IV of the Sarbanes Oxley Act focus on corporate responsibility and enhanced financial
disclosures.

Title III asks for certifications by corporate officers in annual and quarterly reports.

Title IV addresses disclosures in financial reporting and transactions involving management and principal
stockholders, and other provisions such as internal control over financial reporting.

More specifically, section 404 of the Sarbanes Oxley Act establishes requirements for companies to
publicly report on management’s responsibility for establishing and maintaining an adequate internal
control structure, including controls over financial reporting, and the results of management's
assessment of the effectiveness of internal control over financial reporting.

External auditors must report if they agree with management’s assessment of the company’s internal
control over financial reporting.

The SEC and the PCAOB have issued regulations, standards, and guidance to implement the Sarbanes-
Oxley Act.

For instance, both SEC's regulations and PCAOB’s Auditing Standards state that management is required
to base its assessment of the effectiveness of the company’s internal control over financial reporting on
a suitable, recognized control framework established by a body of experts that followed due process
procedures, including the broad distribution of the framework for public comment.
Both the SEC's guidance and PCAOB's auditing standard cite the COSO principles as providing a suitable
framework for purposes of section 404 compliance.

In 1992, COSO issued its “Internal Control—Integrated Framework” (the COSO Framework), to help
businesses and other entities assess and enhance their internal control.

Since that time, the COSO framework (including the updated framework) has been recognized by
regulatory standards setters and others, as a comprehensive framework for evaluating internal control,
including internal control over financial reporting.

The COSO framework includes a common definition of internal control and criteria against which
companies could evaluate the effectiveness of their internal control systems.

The framework consists of five interrelated components: control environment, risk assessment, control
activities, information and communication, and monitoring.

While the SEC and the PCAOB do not mandate the use of any particular framework, PCAOB states that
the framework used by a company should have elements that encompass the five COSO components on
internal control.

Internal control generally serves as a first line of defense in safeguarding assets and preventing and
detecting errors and fraud.

Internal control is defined as a process, effected by an entity’s board of directors, management, and
other personnel, designed to provide reasonable assurance regarding the achievement of the following
objectives:

(1) effectiveness and efficiency of operations;

(2) reliability of financial reporting; and

(3) compliance with laws and regulations.

Internal control over financial reporting is further defined in the SEC regulations implementing section
404.

These regulations define internal control over financial reporting as providing reasonable assurance
regarding the reliability of financial reporting and the preparation of financial statements, including
those policies and procedures that:

- pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the
transactions and dispositions of the assets of the company;

- provide reasonable assurance that transactions are recorded as necessary to permit preparation of
financial statements in conformity with generally accepted accounting principles, and that receipts and
expenditures of the company are being made only in accordance with authorizations of management
and directors of the company; and

- provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition,

use, or disposition of the company’s assets that could have a material effect on the financial statements.

Steven B. Harris, PCAOB Member, in a presentation with title "Remarks on The Sarbanes-Oxley Act of
2002: Ten Years Later", has said:

"1. It restored investor confidence.

The Sarbanes-Oxley Act was not just a response to Enron despite the failures its collapse exposed. As the
Los Angeles Times reported January 26, 2002, less than two months after Enron filed for bankruptcy:
"There was a total failure by everyone, a complete breakdown in the system, in all the checks and
balances. It was a failure by Wall Street analysts who just went along for the ride, and by the auditors
who were collecting so much money they couldn't walk away from it, and by government agencies who
are supposed to monitor those companies."

The Senate and House were already working on legislative responses to those failures when other
corporate giants began to falter and collapse, including Tyco, Adelphia and, what was then the largest
restatement in corporate history, WorldCom.

Former House Financial Services Committee Chairman, Michael Oxley recently described the effects of
those business failures saying, "It was a severe shock to our system, to the core of the capital system
that depends on honesty and integrity and on having investors believing in the companies they invest
in." He added, "That was really the shock to me, as a pro-business Republican, who was looking at what I
thought was the disintegration of the capital market."

Chairman Oxley was not exaggerating. In July 2002 alone, the Dow dropped over 15 percent. And
between the time the House passed its bill in April and the Senate acted in July, the Dow declined
almost 23 percent, or over 2,000 points. If nothing else, the Sarbanes-Oxley Act stopped cold the stock
market hemorrhage at the time.

The need for the Act was clear in the final votes: 99-0 in the Senate and 423-3 in the House. Chairman
Oxley called it a "blow out."

2. It established the PCAOB, ending more than 100 years of self-regulation by the accounting profession.

Ten years later, 44 non-U.S. countries have established independent regulatory regimes for auditors
patterned after the PCAOB.

3. It dealt with the conflicts of interest in the accounting profession by prohibiting accounting firms from
performing certain auditing and consulting services for the same company the firm was auditing.

For example, it prohibited a company from setting up a valuation system for valuing financial assets and
then auditing that system.
4. It mandated independent audit committees and required issuers to disclose whether a "financial
expert" is on the audit committee.

Audit firms now must report to an independent audit committee.

5. It increased corporate accountability and dealt with tone at the top by requiring CEOs and CFOs to
personally certify their companies' financial statements.

It is my belief that this is one of the most important provisions in the Act that has had the greatest
impact — and it came directly from then Securities and Exchange Commission Chairman Harvey Pitt.

6. It instituted "clawback" provisions, requiring CEOs and CFOs to give up bonuses or other financial
incentives based on financial results that later had to be restated.

7. It essentially ended the backdating of stock options.

8. It established whistleblower protections for employees of public companies.

9. It required public companies to disclose off-balance sheet arrangements in quarterly and annual
financial reports to the SEC and investors.

10. It restricted loans that public companies can make to officers and directors.

And, of course, it required publicly traded companies to have a system of internal controls over financial
reporting. This precedent had already been established in the Foreign Corrupt Practices Act (1977) and
the Federal Deposit Insurance Corporation Act (1991).
Under the Sarbanes-Oxley Act, management has to establish, assess and report on the issuer's system of
internal controls over financial reporting, and auditors must report on the effectiveness of that system
of internal controls. Studies show that better internal controls result in better financial reporting and
more investor confidence in financial reports.

For the most part, I find that when people talk about repealing the Sarbanes-Oxley Act, they are talking
about those provisions dealing with internal controls. When I ask what other provisions they believe
should be altered, there is no clear response.

I would note that since the passage of the Act, financial restatements have steadily decreased since
2005. Fewer securities class action lawsuits are being filed — down by as much as 60 percent by some
reports — and audit quality is generally recognized as having improved, although clearly more work
needs to be done.

The stated purpose of the Act is "to protect investors by improving the accuracy and reliability of
corporate disclosures."

I certainly think it has done that, and I would echo Senator Sarbanes in his recent comment on the
future of the Sarbanes-Oxley Act:

"My hope is that the Act becomes so much a part of the way business is done in this country; so much a
part of establishing the standards, that it is not seen as something separate and apart. It really becomes
part of the very structure of the business world. And what comes out of that, of course, are higher
standards, more ethical behavior and to the benefit of everyone."

Study of the Sarbanes-Oxley Act, Section 404, Securities and Exchange Commission, September 2009.

Note: This is important for Sarbanes-Oxley professionals

The Public Company Accounting Reform and Investor Protection Act, otherwise known as the Sarbanes-
Oxley Act (the “Act”), was enacted in July 2002 after a series of high-profile corporate scandals involving
companies such as Enron and Worldcom.

Section 404(a) of the Act requires management to assess and report on the effectiveness of internal
control over financial reporting (“ICFR”). Section 404(b) requires that an independent auditor attest to
management’s assessment of the effectiveness of those internal controls. Because the cost of complying
with the requirements of Section 404 of the Act (“Section 404”) has been generally viewed as being
unexpectedly high, efforts to reduce the costs while retaining the effectiveness of compliance resulted in
a series of reforms in 2007.

Compliance costs vary with company size (increasing with size), compliance history (decreasing with
increased compliance experience), and compliance regime (lower after the 2007 reforms). Larger
companies tend to incur higher compliance costs in dollar terms (“absolute cost”), while smaller
companies report higher costs as a fraction of asset value (“scaled cost”).

The evidence suggests that companies bear some fixed start-up costs of compliance that are not
scalable. Some of these costs are recurring fixed costs, while others are one-time start-up costs borne in
the first years of compliance that tend to dissipate over time. For companies complying with both parts
of Section 404, the cost of complying with Section 404(b) is reportedly similar to the incremental cost of
complying with Section 404(a) alone. The resource requirements of Section 404(a) and Section 404(b)
compliance are quite different, however. The Section 404(a) cost is borne through increased internal
labor and outside vendor expenses, while the Section 404(b) cost is experienced primarily through
increased independent-auditor fees.

Section 404 of the Sarbanes-Oxley Act directs the SEC to adopt rules requiring annual reports of
companies with publicly traded securities, other than registered investment companies, to disclose
management’s assessment of the effectiveness of the company’s ICFR and an auditor’s independent
attestation to the effectiveness of those internal controls.

When the Commission first adopted rules under Section 404, the expressed objectives included
enhancing the quality of reporting and increasing investor confidence in the financial statements. The
Commission release cited as a benefit the improvement of “public company disclosure to investors
about the extent of management’s responsibility for the company’s financial statements and internal
control over financial reporting.” This is an important aspect of the financial reporting process because
weaknesses in internal controls create more opportunities for intentional earnings management as well
as unintentional accounting estimation and reporting errors. According to the 2003 adopting release,
with these rules, “investors will be able to better evaluate management’s performance of its
stewardship responsibility and the reliability of a company’s financial statements and other unaudited
financial information,” and that “improved disclosure may help companies detect fraudulent financial
reporting earlier and perhaps thereby deter financial fraud or minimize its adverse effects.”

Concerns about the costs of complying with the requirements of Section 404 emerged and persisted
over the first few years of implementation. By 2007, a number of organizations had published
information regarding Section 404 compliance costs, with annual cost estimates ranging from $860,000
to $5.4 million per company depending on the source. To address concerns about the costs of
compliance, the Commission, during June and July 2007, issued Management Guidance and approved
the PCAOB’s new audit standard, AS5, for use by public company auditors. The 2007 reforms were
intended to increase the efficiency and effectiveness of Section 404 implementation.

The Management Guidance described a top-down, risk-based approach to satisfying the requirements
of Section 404. It was intended to reduce the costs of Section 404(a) compliance first by “allowing
management to focus on the controls that are needed to adequately address the risk of a material
misstatement of its financial statements” and second by allowing management “to align the nature and
extent of its evaluation procedures [such as evidence gathering, documentation effort, and testing the
controls] to those areas of financial reporting that pose the highest risks to reliable financial reporting.”

By stressing that “management should bring its own experience and informed judgment to bear” in the
process of ICFR evaluation, the release encouraged more flexibility and discretion on management’s part
in complying with Section 404. A companion release by the Commission also noted that the
Management Guidance should help management to avoid the costs of excessive testing and
documentation and allow smaller public companies to scale and tailor their evaluation methods and
procedures to fit their facts and circumstances. The 2007 final release indicated that reliance on the
Commission’s Management Guidance is voluntary.

In addition, on July 25, 2007—effective for audits of internal control for fiscal years ending on or after
November 15 of the same year—the Commission approved PCAOB’s AS5, which established a new
standard for the independent audit of ICFR required under Section 404(b). The expected benefits of AS5
included:
(i) allowing auditors to exercise their judgment,

(ii) scaling the level of internal control testing to match the size of the company,

(iii) eliminating unnecessary procedures for audit and allowing auditors to focus on matters they
consider to be most important for internal control, and

(iv) allowing auditors to use a principles-based approach to decide the extent to which they can rely on
work already done by others, including the effort exerted by management in complying with Section
404(a).

Important definitions, from the Improper Influence on Conduct of Audits, Securities and Exchange
Commission, final rule.

This is important for Sarbanes-Oxley professionals

As directed by section 303 of the Sarbanes-Oxley Act of 2002, we are adopting rules to prohibit officers
and directors of an issuer, and persons acting under the direction of an officer or director, from taking
any action to coerce, manipulate, mislead, or fraudulently influence the auditor of the issuer's financial
statements if that person knew or should have known that such action, if successful, could result in
rendering the financial statements materially misleading.

On July 30, 2002, the Sarbanes-Oxley Act of 2002 (the "Act") was enacted. Section 303(a) of the Act
states:

It shall be unlawful, in contravention of such rules or regulations as the Commission shall prescribe as
necessary or appropriate in the public interest and for the protection of investors, for any officer or
director of an issuer, or any other person acting under the direction thereof, to take any action to
fraudulently influence, coerce, manipulate, or mislead any independent public or certified accountant
engaged in the performance of an audit of the financial statements of that issuer for the purpose of
rendering such financial statements materially misleading.
As mandated by the Act, the Commission is adopting rules to implement section 303(a). The rules, in
combination with the existing rules under Regulation 13B-2, are designed to ensure that management
makes open and full disclosures to, and has honest discussions with, the auditor of the issuer's financial
statements. These rules prohibit officers or directors of an issuer, or persons acting under their
direction, from subverting the auditor's responsibilities to investors to conduct a diligent audit of the
financial statements and to provide a true report of the auditor's findings.

Definition of "issuer." In the proposing release, we noted that the definition of the term "issuer" in
section 3 of the Securities Exchange Act of 1934 ("Exchange Act") would apply to the term as used in the
rule. This definition includes, with certain exceptions, any person who issues or proposes to issue
securities. One commenter noted that this definition would include all private issuers of securities and
suggested that we use the definition of "issuer" in the Sarbanes-Oxley Act. The definition in that Act
generally would limit application of the rule to issuers whose securities are registered with the
Commission under section 12 of the Exchange Act, that are required to file reports with the Commission
under section 15(d) of the Exchange Act, or that have filed registration statements with the Commission
that have not yet become effective and have not been withdrawn.

We continue to believe that the definition of the term "issuer" in section 3 of the Exchange Act applies
to the use of the term in the new rules. The term "issuer," as defined in the Exchange Act, has been used
in Rule 13b2-2 since it was adopted in 1979, and we believe that the amendments do not require a
change in the meaning of the term. In addition, because the new rule specifically applies to improperly
influencing auditors of issuers' financial statements "that are required to be filed with the Commission,"
the commenter's concern that this definition would extend the scope of the rule to all private issuers of
securities has been addressed. Accordingly, the term "issuer" in the new rule should be defined as
stated in section 3 of the Exchange Act.

Definition of "officer." New rule 13b2-2(b)(1) addresses activities by an officer or director of an issuer, or
any other person acting under the direction of an officer or director. The Commission has defined the
term "officer" to include the company's "president, vice president, secretary, treasurer or principal
financial officer, comptroller or principal accounting officer, and any person routinely performing
corresponding functions with respect to any organization whether incorporated or unincorporated." The
term "executive officer" includes an issuer's chief executive officer and other officers who perform
policy-making functions for the issuer.
Some commenters suggested that the term "officer" should include all those responsible for corporate
governance matters or who influence the preparation of an issuer's financial statements.16 Commenters
also suggested that the definition include an issuer's general counsel or chief legal officer. We do not
believe at this time that it is necessary to amend the existing definition of "officer" or "executive officer,"
or to write a new definition specifically for Regulation 13B-2. The existing definitions cover, among
others, those who set corporate governance policies and legal policies for an issuer. Should we note that
members of management not encompassed by the existing definitions of "officer" and "executive
officer" are engaging in the conduct addressed in the rule, we may revisit this issue.

Definition of "under the direction." As noted above, new rule 13b2-2(b)(1) covers the activities of not
only officers and directors of the issuer who engage in an attempt to misstate financial statements but
also "any other person acting under the direction thereof." Activities by such "other persons" currently
may constitute violations of the anti-fraud or other provisions of the securities laws or aiding or abetting
or causing an issuer's violations of the securities laws. Section 303(a) and the new rule provide the
Commission with an additional means of addressing efforts by persons acting under the direction of an
officer or director to improperly influence the audit process and the accuracy of the issuer's financial
statements.

As noted in the proposing release, we interpret Congress' use of the term "direction" to encompass a
broader category of behavior than "supervision." In other words, someone may be "acting under the
direction" of an officer or director even if they are not under the supervision or control of that officer or
director. Such persons might include not only the issuer's employees but also, for example, customers,
vendors or creditors who, under the direction of an officer or director, provide false or misleading
confirmations or other false or misleading information to auditors, or who enter into "side agreements"
that enable the issuer to mislead the auditor.

In appropriate circumstances, persons acting under the direction of officers and directors also may
include not only lower level employees of the issuer but also other partners or employees of the
accounting firm (such as consultants or forensic accounting specialists retained by counsel for the issuer)
and attorneys, securities professionals, or other advisers who, for example, pressure an auditor to limit
the scope of the audit, to issue an unqualified report on the financial statements when such a report
would be unwarranted, to not object to an inappropriate accounting treatment, or not to withdraw an
issued audit report on the issuer's financial statements. In the case of a registered investment company,
persons acting under the direction of officers and directors of the investment company may include,
among others, officers, directors, and employees of the investment company's investment adviser,
sponsor, depositor, administrator, principal underwriter, custodian, transfer agent, or other service
providers.
Commenters on this discussion in the proposing release were divided. Some believe that some form of
specific instruction or direction from an officer or director should be required before the rule should
apply to "other persons." Others expressed the opposite view that no specific direction should be
required, that the conduct should be considered illegal whether or not the person was acting under the
direction of an officer or director, and that the rule should apply to anyone who lies to or misleads the
auditor and to all those who have responsibilities or activities relevant to the financial statements. Still
others suggested that we neither define the term "under the direction" nor provide examples. As noted
above, we continue to believe that "direction" encompasses a broader category of behavior than
supervision, and may include the activities of third parties who participate in an effort to improperly
influence the auditor when those third parties knew or should have known that the effect of their
conduct would be to render an issuer's financial statements materially misleading.

Some commenters were concerned that including customers, vendors and creditors in the discussion of
those persons who, in appropriate circumstances, might be considered to be acting under the direction
of an officer or director would have a chilling effect on communications between those persons and the
auditors. Other commenters noted that this chilling effect would be enhanced by the Commission's
position in the proposing release that negligently misleading the auditor was sufficient conduct to
trigger application of the rule. In particular, some commenters noted that a misleading legal analysis
should violate the rule only if accompanied by fraudulent or "bad" intent on the part of the attorney
providing the analysis. These comments would appear to be based on the premise that in the past the
Commission has not addressed the negligent communication of misleading information to auditors and
that the new rule, therefore, would chill communications during the audit process and thereby lower
the quality of the audit process. To the contrary, for many years we have initiated enforcement actions
against those who, by negligently providing misleading confirmations to auditors, cause an issuer to
violate the financial reporting or books and records provisions of the Securities Exchange Act of 1934.

The new rule, by providing an additional means of addressing such conduct, should provide more
credibility and integrity to the audit process. We believe that third parties providing information or
analyses to an auditor should exercise reasonable attention and care in those communications. A
primary purpose for enactment of the Sarbanes-Oxley Act is the restoration of investor confidence in
the integrity of financial reports, which will require the cooperation of all parties involved in the audit
process. We do not intend to hold any party accountable for honest and reasonable mistakes or to
sanction those who actively debate accounting or auditing issues. We do believe, however, that those
third parties who, under the direction of an issuer's officers or directors, mislead or otherwise
improperly influence auditors when they know or should know that their conduct could result in
investors being provided with misleading financial statements or a misleading audit report, should be
subject to sanction by the Commission.
"Fraudulently influence." New rules 13b2-2(b)(1) and (c)(2) address certain actions "to coerce,
manipulate, mislead, or fraudulently influence" the auditor of the issuer's financial statements. Much of
the conduct addressed by the rules, particularly efforts to "manipulate or mislead" the auditor, generally
would be subject to other provisions of the securities laws and the Commission's regulations, including
the existing rules in Regulation 13B-2. The new rules, however, would provide an additional means to
address conduct to coerce, manipulate, mislead, or fraudulently influence an auditor during his or her
examination or review of the issuer's financial statements, including conduct that did not succeed in
affecting the audit or review.

In the proposing release, we noted that in the rule the word "fraudulently" modifies influence but not
coerce, manipulate or mislead. Several commenters suggested that the Commission should amend this
interpretation and state that "fraudulently" modifies all four types of conduct. Some commenters
indicated that intent to materially mislead the auditor should be required and others stated any attempt
to purposely skew the issuer's disclosure should violate the rule. One commenter noted that fraudulent
intent should not be required for officers, directors or employees, but should be required for third
parties such as vendors and customers.

We have decided not to amend our view that the word "fraudulently" modifies only "influence." To
emphasize this point, we have reordered the words to place "fraudulently influence" at the end of the
list instead of at the beginning. The new rule, therefore, reads that no officer or director or person
acting under his or her direction "shall directly or indirectly take any action to coerce, manipulate,
mislead, or fraudulently influence" any accountant engaged in the performance of an audit or review of
an issuer's financial statements.

In the context of the new rule, the words "coerce" and "manipulate" imply compelling the auditor to act
in a certain way through pressure, threats, trickery, intimidation or some other form of purposeful
action, and further modifiers are not necessary. Regarding the term "mislead," pre-existing rule 13b2-2
for many years has prohibited officers and directors from directly or indirectly making or causing to be
made materially misleading statements to auditors. Causing misleading statements to be made to
auditors has included, and will continue to include, an officer or director entering into an arrangement
with a third party to send a misleading confirmation or to provide other misleading information or data
to the auditor of the issuer's financial statements.

The new rule does not alter this approach. As noted above, a primary purpose for enactment of the
Sarbanes-Oxley Act is the restoration of investor confidence in the integrity of financial reports. Such a
purpose would not be served by imposing what would amount to a new scienter requirement on the
pre-existing provision prohibiting officers and directors from causing misleading statements or omissions
to be made to auditors.

Types of Conduct. As stated in the proposing release, types of conduct that the Commission believes
could constitute improper influence (if the person engaged in that conduct knows or should know that
the conduct, if successful, could result in rendering the issuer's financial statements materially
misleading) include, but are not limited to, directly or indirectly:

- Offering or paying bribes or other financial incentives, including offering future employment or
contracts for non-audit services,

- Providing an auditor with an inaccurate or misleading legal analysis,

- Threatening to cancel or canceling existing non-audit or audit engagements if the auditor objects to the
issuer's accounting,

- Seeking to have a partner removed from the audit engagement because the partner objects to the
issuer's accounting,

- Blackmailing, and

- Making physical threats.

The facts and circumstances of each case would be relevant to determining whether the conduct would
violate the new rule.

Commenters had varied reactions to the illustrative list of the types of conduct that could be covered by
the rule. Some commenters suggested that providing inaccurate or misleading information to internal
auditors, as well as to independent auditors, should be deemed a violation of the rule. While we believe
that an officer or director, or person acting under the direction of an officer or director, providing
misleading information to an internal auditor would be relevant to the status of the issuer's internal
accounting controls or disclosure controls, it would not appear to be related to the purpose of section
303 of the Act and the new rule, which is to protect and enhance the independent audit function.

Other commenters suggested that, due to other safeguards in the Act, we should delete from the
illustrative list the actions of offering future employment with the issuer and threatening to cancel audit
or non-audit contracts for services. These commenters indicated that section 206 of the Act, which
requires a one-year "cooling off" period from the time certain officers of the issuer last participated as a
partner or employee of the accounting firm in an audit of the issuer's financial statements to the
commencement of the audit, provides sufficient protection against offering employment as a means of
improperly influencing the auditor.

Similarly, commenters indicated that the provisions in sections 201 and 202 requiring audit committee
pre-approval of audit and non-audit services should be an adequate safeguard against the use of such
services to improperly influence auditors.

Sections 201, 202 and 206, as well as the remainder of Title II of the Act, are designed to enhance the
independence of auditors. We believe, however, services and employment opportunities that would not
impair an auditor's independence nonetheless could provide financial incentives used to improperly
influence or otherwise deter auditors from performing an appropriate audit. Accordingly, such actions
continue to be possible mechanisms, assuming the other criteria in the rule are met, for violating the
new rule.

Some commenters suggested qualifying other examples in the list. For example, commenters indicated
that canceling or threatening to cancel an audit or non-audit engagement should be within the purview
of the rule only if the action was taken because the auditor objects to the issuer's accounting. One
commenter expressed this notion in terms of a clear quid pro quo linking the offering of a contract for
non-audit services with the intent to fraudulently influence the audit. We acknowledge that there may
be many legitimate reasons to replace individuals on an audit or review engagement, or to award or
cancel audit or non-audit services. Such actions alone do not violate the new rule. When such actions,
however, become the consideration used by an officer or director, or person acting under the direction
of an officer or director, to improperly influence the auditor, and that person knew or should have
known that the result of his or her conduct could be materially misleading financial statements, then the
actions fall within the scope of the rule.
Still other commenters suggested adding to the list activities such as: knowingly providing to the auditor
inadequate or misleading information that is key to the audit, transferring managers or principals from
the audit engagement, and when predicated by an intent to defraud, verbal abuse, creating undue time
pressure on the auditors, not providing information to auditors on a timely basis, and not being available
to discuss matters with auditors on a timely basis. In the appropriate circumstances and upon
satisfaction of the criteria in the rule, each of these actions could result in improper influence on the
auditor.

Finally, most commenters addressing the issue stated that the Commission should not place in the rule
any examples of the types of conduct that might violate the rule,61 and we have not done so.

Definition of "independent public or certified public accountant." The new rule addresses the improper
influence of "any independent public or certified public accountant" engaged in the performance of an
audit or review of an issuer's financial statements.62 Prior to the adoption of the Act, similar phrases
commonly were used in the securities laws and the Commission's regulations to refer to the accountant
providing audit and review services to a Commission registrant. Although the Act, in anticipation of
accounting firms registering with the Public Company Accounting Oversight Board (the "Board"),
changed several of these references, such terms continue to appear in certain sections of the securities
laws and related schedules.

We believe that section 303 of the Act includes all accountants engaged in auditing or reviewing an
issuer's financial statements or issuing attestation reports to be filed with the Commission. Once firms
are registered with the Board, the term "independent public or certified public accountant," as used in
the new rule, would include registered public accounting firms and persons associated with such a
public accounting firm, as defined in the Act. While some commenters expressed concern with the use
of different definitions to describe the independent auditor, they generally did not object to the use of
the term in the new rule.

"Engaged in the performance of an audit." New rules 13b2-2(b)(1) and (c)(2) track the language in
section 303(a) of the Act regarding the improper influence of an accountant "engaged in the
performance of an audit" of the issuer's financial statements. Both the Commission and the accounting
profession have recognized that the need for an auditor to maintain an independent and unbiased
attitude begins when the accountant is selected to perform audit or review services and continues until
there is a formal or informal public notification that the professional relationship has ended.
To effectuate the intent of Congress, we believe the phrase "engaged in the performance of an audit"
should be given a broad reading. We believe Congress intended that the phrase encompass the
professional engagement period and any other time the auditor is called upon to make decisions or
judgments regarding the issuer's financial statements, including during negotiations for retention of the
auditor and subsequent to the professional engagement period when the auditor is considering whether
to issue a consent on the use of prior years' audit reports.

The new rules, therefore, would apply throughout the professional engagement and after the
professional engagement has ended when the auditor is considering whether to consent to the use of,
reissue, or withdraw prior audit reports. In limited circumstances, the new rules also may apply before
the professional engagement period begins. For example, the new rules would apply if an officer,
director, or person acting under the direction of an officer or director, offers to engage an accounting
firm subject to a condition that could result in rendering the financial statements materially misleading,
such as a condition that the firm issue an unqualified audit report on financial statements that do not
conform with generally accepted accounting principles, or a condition that the firm limit the scope or
performance of audit or review procedures in violation of generally accepted auditing standards.

Commenters generally agreed with this approach. Some suggested that we define in the rule the phrase
"engaged in the performance of the audit." We believe, however, that the longer discussion in this
release provides a better context to understand the meaning of the phrase.

"Rendering financial statements materially misleading." One of the criteria that must be met in order for
the improper influence on the auditor by officers, directors, or persons acting under their direction to be
actionable under the new rule is that the improper influence, if successful, could result in "rendering
[the issuer's] financial statements materially misleading."

Because the financial statements are prepared by management and the auditor conducts an audit or
review of those financial statements, the auditor would not directly "render [the] financial statements
materially misleading." Rather, the auditor might be improperly influenced to, among other things, issue
an unwarranted report on the financial statements, including suggesting or acquiescing in the use of
inappropriate accounting treatments or not proposing adjustments required for the financial statements
to conform with generally accepted accounting principles.

An auditor also might be coerced, manipulated, misled, or fraudulently influenced not to perform audit
or review procedures that, if performed, might divulge material misstatements in the financial
statements. Other examples of activities that would fall within the rule would be for an officer, director,
or person acting under an officer or director's direction, to improperly influence an auditor either not to
withdraw a previously issued audit report when required by generally accepted auditing standards, or
not to communicate appropriate matters to the audit committee.

New rule 13b2-2(b)(2) makes it clear that subparagraph (b)(1) would apply in such circumstances. As
noted, the rule is not limited to the audit of the annual financial statements, but would include, among
other things, improperly influencing an auditor during a review of interim financial statements or in
connection with the issuance of a consent to the use of an auditor's report. Conducting reviews of
interim financial statements and issuing consents to use past audit reports are sufficiently connected to
the audit process, and improper influences during those processes are sufficiently connected to the
harms that the Act seeks to prevent, that they should be within the scope of the rule. The list of
examples in the rule is only illustrative; other actions also could result in rendering the financial
statements materially misleading.

Many commenters indicated that the examples in paragraph (b)(2) were appropriate and should be
retained. Some commenters suggested that the list of examples be expanded to include improperly
influencing the auditor to permit the inconsistent use of generally accepted accounting principles
("GAAP") or the use of "non-preferable" GAAP in the issuer's financial statements. Others suggested
including improperly influencing an auditor in connection with the auditor's report on an issuer's
assertions about its internal controls.

Another commenter suggested that the examples be replaced with a statement that actions that could
result in "rendering the financial statements materially misleading" include improperly influencing an
auditor during the performance of any procedures by the auditor.

We believe that the list of examples in paragraph (b)(2) is sufficiently broad to include the majority of
instances, including under appropriate circumstances those addressed by commenters, where
improperly influencing an auditor could result in the issuer publishing misleading financial statements.
As noted above, the list of examples is not all-inclusive. Other actions, in appropriate circumstances,
could result in rendering the issuer's financial statements materially misleading.

"Knew or should have known." Section 303(a) states that conduct by an officer, director, or person
acting under the direction of the officer or director designed to improperly influence an issuer's auditor
is actionable if undertaken "for the purpose of rendering [the issuer's] financial statements materially
misleading." We proposed, however, the rule state that an officer, director, or person acting under the
direction of the officer, who engaged in conduct to improperly influence an auditor would be culpable if
he or she "knew or was unreasonable in not knowing" that the improper influence, if successful, could
result in rendering financial statements materially misleading. In the proposing release we noted that
we would consider changing this wording to another phrase to convey that proving a particular purpose
or intent is not required. We are adopting in the final rule the phrase "knew or should have known,"
which historically has indicated the existence of a negligence standard. As noted elsewhere in this
release, this standard is consistent with the Commission's enforcement actions in this area.

Several commenters suggested that the rule should contain the statutory language, which they believe
requires a fraudulent intent, instead of the proposed language, which they believe reflected a
negligence standard. Other commenters, however, indicated that the proposed language should be
adopted or that, at a minimum, a reasonableness standard is appropriate when evaluating the actions of
officers and directors.

We believe that the adopted language, particularly in the absence of any private right of action under
the rule, best achieves the purpose of restoring investor confidence in the audit process. For example, if
an officer of an issuer coerces an auditor not to conduct certain audit procedures required by generally
accepted auditing standards ("GAAS") because the officer wants to conceal his embezzlement of funds
from the issuer, then it is possible that his actions might not be found to be for the "purpose of
rendering the financial statements misleading." If that officer, however, knew or should have known
that not performing the procedures could result in the auditor not detecting and seeking correction of
material errors in the financial statements, then we believe the officer's conduct should be subject to
the rule. Excusing this conduct from the scope of the rule would be inconsistent with the restoration of
investor confidence in financial statements and in the integrity of the audit process.

Response to Other Significant Comments. In the proposing release, we asked if we should replace the
statement in paragraphs (b)(1) and (c) of the rule that no person acting "under the direction" of an
officer or director shall improperly influence the auditors of the issuer's financial statements, with a
statement that no person acting "at the behest of" or "on behalf of" an officer or director shall
improperly influence the auditors. Although some commenters supported use of the phrase "on behalf
of," in general commenters opposed changing this aspect of the proposed rule.

We agree that there may be circumstances where a person acting on behalf of an officer or director
would be considered to be acting under the direction of that officer or director as contemplated by the
rule. We believe, however, that the rule, as proposed and adopted, is sufficiently clear. Replacing "under
the direction of" with "on behalf of" might be construed as narrowing the scope of the rule, and having
both phrases in the rule might create confusion in the interpretation of the rule. Accordingly, we have
adopted the rule as proposed.

We also asked in the proposing release if we should replace the word "fraudulently" in paragraphs (b)(1)
and (c)(2) of the rule with the word "improperly" or some other word to convey a mental state short of
scienter. Although some commenters noted that there is a need for the Commission to adopt rules
intended to enhance investor confidence in issuers' financial statements, commenters generally
opposed this change as exceeding the purpose and scope of section 303 of the Act. The new rule retains
the statutory language of "fraudulently influence" because we are concerned about a lack of specificity
associated with the word "improperly" in the context of the rule. As discussed above, "fraudulently"
modifies only influence and not "coerce, manipulate or mislead."

Finally, commenters questioned whether an auditor would have an obligation to report violations of the
new rule as "illegal acts" under section 10A(b) of the Exchange Act. Section 10A defines an "illegal act"
to be an act or omission that violates any law or any rule or regulation having the force of law.
Accordingly, violations of the new rule are illegal acts within section 10A and should be dealt with as
required by that section.