Sarbanes-Oxley § 404 at Twenty

25 Pages Posted: 30 Aug 2022 Last revised: 30 Dec 2022

See all articles by Stephen M. Bainbridge

Stephen M. Bainbridge

University of California, Los Angeles (UCLA) - School of Law

Date Written: August 26, 2022


Section 404 of the Sarbanes-Oxley Act of 2002 (SOX) was intended to improve public company internal controls over financial reporting (ICFR). Faulty internal controls were believed to have contributed to many corporate scandals during the dot-com era. Empirical research of the pre-SOX era suggested that reporting companies with poor internal controls tended to have more frequent earnings restatements, more SEC enforcement proceedings, and poorer performance than comparable firms with strong internal controls. When SOX was adopted § 404 was not among the most controversial provisions. Instead, it was the attorney conduct rules, CEO and CFO certification requirements, and the ban on loans to officers and directors—plus the larger question of federalizing corporate governance—that generated most of the early criticism aimed at the statute. Once companies began implementing § 404’s mandate for assessments of their internal controls over financial reporting, however, it became apparent that compliance costs were considerably greater than anticipated. In short order, § 404 became—and remains—SOX’s most controversial provision. SOX’s twentieth anniversary seems an opportune time to reassess the controversy over § 404. There is a considerable body of empirical evidence on the costs and benefits of § 404, which this article reviews. As it turns out, however, there are so many potential confounding factors that all of the evidence must be viewed with a degree of skepticism. Nonetheless, a few conclusions can be drawn. With the benefit of hindsight, it seems clear that Congress in 2002 had no idea what it would cost companies to comply § 404. The SEC had an estimate of what § 404(a) compliance would cost but had no idea what § 404(b) compliance would cost. Sticker shock seems the right description of the reaction once those costs became clear. Section 404 compliance costs were substantial from the outset. Those costs were disproportionately borne by smaller firms from the outset. Section 404 compliance costs remain high and show no signs of dropping over time. It remains the case that those costs are disproportionately borne by smaller firms. As far as achieving its main goal of reducing material weaknesses in ICFR, § 404 cannot be deemed a success. Both adverse managerial reports and auditor attestations actually rose prior to 2014 and have dropped only slightly in the subsequent period. Problems with firms failing to remediate persistent material weaknesses remain a source of concern.

Keywords: Sarbanes-Oxley, SOX, internal controls, financial reporting, ICFR

JEL Classification: K22

Suggested Citation

Bainbridge, Stephen Mark, Sarbanes-Oxley § 404 at Twenty (August 26, 2022). UCLA School of Law, Law-Econ Research Paper No. 22-05, 2022, Available at SSRN:

Stephen Mark Bainbridge (Contact Author)

University of California, Los Angeles (UCLA) - School of Law ( email )

385 Charles E. Young Dr. East
Room 1242
Los Angeles, CA 90095-1476
United States
310-206-1599 (Phone)
310-825-6023 (Fax)


Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics